HijackThis! logfile


  • This topic is locked
19 replies to this topic

#1 wd21

wd21

  • Members
  • 7 posts

Posted 20 March 2010 - 07:11 AM

Hello, I have 99 problems and my laptop is at least 13 of them. I seem to have picked up some annoying rather than nasty things and have bugger all know-how with this stuff, so anyone's help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:11, on 20/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Freenet\bin\freenettray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: &Security Update - {6551001F-A07B-40B1-8F55-B44BF35A42A6} - C:\Windows\System32\win32extension.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Freenet Tray.lnk = C:\Program Files\Freenet\bin\freenettray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Freenet background service (freenet) - Tanuki Software, Ltd. - C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 10892 bytes
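
As an added example (not part of the original post, and not code from HijackThis or BleepingComputer), here is one way to triage a HijackThis v2 log like the one above in Python: it parses the `code - description` entries, lists those whose target is marked `(file missing)` or `(no file)`, and groups O23 services by antivirus vendor. The sample lines are copied from this log; the vendor-to-product table is an assumption that covers only the two antivirus vendors seen here.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the log above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

# A HijackThis entry is "<letter><number> - <description>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# HijackThis appends one of these markers when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Assumption: lowercase vendor substrings mapped to a product family.
# Only the two vendors present in this log are listed; extend as needed.
AV_VENDOR_MARKERS = {"alwil": "avast!", "avg technologies": "AVG"}


def parse_entries(text):
    """Return [(code, body), ...] for every entry line; headers and the
    'Running processes' paths do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def missing_targets(entries):
    """Entries that point at a file HijackThis could not find."""
    return [(code, body) for code, body in entries if MISSING_RE.search(body)]


def av_products(entries):
    """Group O23 service names by antivirus product family.

    An O23 body looks like 'Service: <name> - <vendor> - <path>'; splitting
    from the right keeps any ' - ' inside the service name intact.
    """
    found = defaultdict(list)
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, vendor, _path = parts
        for marker, product in AV_VENDOR_MARKERS.items():
            if marker in vendor.lower():
                found[product].append(name)
    return dict(found)


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for code, body in missing_targets(entries):
        print("missing target:", code, body)
    products = av_products(entries)
    if len(products) > 1:
        print("more than one antivirus product has services:", sorted(products))
```

A flagged entry only shows that a registry value points at a file that is no longer on disk; it says nothing by itself about what that file was.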


 


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 22 March 2010 - 10:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 wd21

wd21
  • Topic Starter

  • Members
  • 7 posts

Posted 29 March 2010 - 11:26 PM

Hi, thanks for your reply. The laptop works fine; it is just continually being threatened with "Pakes.AV", though it always gets flagged up. Google searches are being redirected and spontaneous pop-ups keep appearing. I have done the DDS scan; here are the results. Thanks. Will.

pop
DDS (Ver_10-03-17.01) - NTFSx86
Run by Will at 5:23:04.84 on 30/03/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3034.1608 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Freenet\bin\freenettray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Will\Desktop\dds.pif

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\will\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\freene~1.lnk - c:\program files\freenet\bin\freenettray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\voa0ebkw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\will\appdata\roaming\mozilla\firefox\profiles\voa0ebkw.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-12 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-12 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-4-9 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-5-12 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-12 138680]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-12 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-12 297752]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-12 352920]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-4-9 144672]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-4-9 269216]
S2 freenet;Freenet background service;c:\program files\freenet\bin\wrapper-windows-x86-32.exe [2009-10-23 241664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

=============== Created Last 30 ================

2010-03-29 07:32:43 285469019 ----a-w- c:\windows\MEMORY.DMP
2010-03-15 13:25:08 0 d-----w- c:\program files\Trend Micro
2010-03-11 09:56:26 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 09:56:21 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 09:56:20 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-28 18:37:30 293376 ----a-w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2010-02-24 10:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-11-26 16:30:44 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-26 16:30:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-26 16:30:44 143360 ----a-w- c:\windows\inf\infstor.dat
2009-10-29 11:12:15 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-08 11:50:15 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-05-08 11:50:15 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-05-08 11:50:15 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-04-09 16:14:48 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 5:25:00.83 ===============


#4 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 30 March 2010 - 11:35 AM

Hello wd21

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in Notepad is turned off. When copying and pasting logs, paste them directly in the reply box; only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and then choose Run as Administrator.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • Gender:Male
  • Location:God's Country

Posted 01 April 2010 - 11:17 AM

Hello wd21

QUOTE
Google searches are being redirected and spontaneous pop-ups keep appearing

To what websites are you being redirected and what do the popups on your desktop say?

You should never have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

In your case I notice that you have two antivirus programs installed. AVG8 and Avast.

I suggest you uninstall one of the antivirus programs via Add/Remove Programs. If you decide to uninstall AVG8 there is a removal tool here. If you decide to keep AVG there is an update here.


P2P

Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case Freenet). These programs allow file sharing between users as the name(s) suggest. In today's world cyber crime has become an enormous problem. Different ways are used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools as a huge amount of prospective victims can be reached through them.

It is therefore possible to be infected by downloading infected files via peer-to-peer tools and so these tools must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes on copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

If you decide to keep this program please refrain from using it until we get your computer clean.

Step 1.

RootRepeal - Rootkit Detector


Download RootRepeal.zip and unzip it to your Desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

Step 2.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <----Important
    Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

In your next reply please include the following:

RootRepeal.txt
ComboFix.txt


Thanks!!
PW

#6 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:02:43 PM

Posted 05 April 2010 - 08:22 AM

Hello wd21

Do you still need help?

Thanks!!!
PW

#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:43 PM

Posted 09 April 2010 - 10:58 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:43 PM

Posted 25 April 2010 - 11:29 PM

Reopened by user request.
regards,
schrauber

#9 wd21

wd21
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:43 PM

Posted 27 April 2010 - 02:51 AM

Hello, apologies for the delay in returning your request, I have been away from any internet connection for a wee while. Here are the two reports you requested. Thanks. Will.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/27 07:51
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x91000000 Size: 851968 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\Windows\system32\Drivers\PROCEXP113.SYS
Address: 0xAF909000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAF90B000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RootRepeal report 04-27-10 (07-51-17).txt
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\{12678e68-1727-11df-b776-0023ae2bcfa8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{30a20a04-1a7d-11df-bd6d-0023ae2bcfa8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{37cc2391-1fd0-11df-9945-0023ae2bcfa8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7e2c3488-1ce9-11df-8fe5-0023ae2bcfa8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b3a37517-1729-11df-8644-0023ae2bcfa8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cf7745c1-1d69-11df-b524-0023ae2bcfa8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{41be9ea5-185e-11df-bb2c-0023ae2bcfa8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.XSL
Status: Locked to the Windows API!

Path: c:\windows\temp\fla213e.tmp
Status: Allocation size mismatch (API: 5242880, Raw: 0)

Path: c:\windows\temp\fla4d37.tmp
Status: Allocation size mismatch (API: 19136512, Raw: 0)

Path: c:\windows\temp\fla530.tmp
Status: Allocation size mismatch (API: 24182784, Raw: 0)

Path: C:\Windows\Temp\rfic.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_516953ad0f4d16c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_2e6f68d711833115\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_2eb424f22ad51329\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_2ff255b70ef48daa\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_30df444827c761d0\_SMSVC~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_c4f661e592b1c88e\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_c53b1e00ac03aaa2\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_c6794ec590232523\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_c7663d56a8f5f949\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_cab9e41b8efd69ed\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_cafea036a84f4c01\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_cc3cd0fb8c6ec682\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_cd29bf8ca5419aa8\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_74dcd7a292078251\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_752193bdab596465\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_765fc4828f78dee6\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.16708_none_c29392a082f7409d\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_c8512a7445976b57\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1280 Status: Locked to the Windows API!

==EOF==

ComboFix 10-04-26.02 - Will 27/04/2010 8:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3034.1670 [GMT 1:00]
Running from: c:\users\Will\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-4266814236-3844589234-386279251-500
c:\users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4481.tmp
c:\users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc7AAF.tmp
c:\users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8384.tmp
c:\users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8816.tmp
c:\users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA4F8.tmp
c:\users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE321.tmp
c:\users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE957.tmp
c:\windows\system\msvbvm60.dll

Infected copy of c:\windows\system32\drivers\iaStor.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 07:43 . 2010-04-27 07:44 -------- d-----w- c:\users\Will\AppData\Local\temp
2010-04-27 07:43 . 2010-04-27 07:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 15:49 . 2010-04-19 15:49 -------- d-----w- c:\users\Will\AppData\Roaming\HP
2010-04-19 11:47 . 2010-04-19 14:15 -------- d-----w- c:\windows\system32\MpEngineStore
2010-04-19 06:52 . 2010-04-19 06:52 -------- d-----w- c:\users\Will\AppData\Local\HP
2010-04-18 18:52 . 2010-04-18 18:52 -------- d-----w- c:\users\Will\AppData\Roaming\Yahoo!
2010-04-18 18:52 . 2010-04-18 18:52 -------- d-----w- c:\programdata\Yahoo! Companion
2010-04-18 18:52 . 2010-04-18 18:52 -------- d-----w- c:\program files\Yahoo!
2010-04-18 18:48 . 2010-04-18 18:48 -------- d-----w- c:\programdata\HP Product Assistant
2010-04-18 18:45 . 2010-04-18 18:45 -------- d-----w- c:\program files\Common Files\HP
2010-04-18 18:45 . 2010-04-18 18:45 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-04-18 18:41 . 2010-04-18 18:41 -------- d-----w- c:\users\Will\{071abbc4-cdf9-47ce-8962-8971cdb8b1ba}
2010-04-18 18:36 . 2010-04-18 18:51 -------- d-----w- c:\program files\HP
2010-04-18 18:34 . 2010-04-19 15:52 192795 ----a-w- c:\windows\hpoins46.dat
2010-04-18 18:33 . 2010-04-18 18:48 -------- d-----w- c:\programdata\HP
2010-04-17 18:12 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-17 18:12 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-17 18:12 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-17 18:12 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-17 18:12 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-17 18:12 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-17 18:12 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-17 18:12 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-17 18:12 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-17 07:10 . 2010-04-17 07:10 -------- d-----w- c:\users\Will\AppData\Roaming\Motive
2010-04-17 07:08 . 2010-04-18 07:17 -------- d-----w- c:\programdata\Motive
2010-04-17 07:08 . 2010-04-17 07:08 -------- d-----w- c:\program files\Common Files\Motive
2010-04-17 07:07 . 2010-04-17 07:07 -------- d-----w- c:\program files\BT Business Broadband Desktop Help
2010-04-17 07:07 . 2010-04-17 07:07 -------- d-----w- c:\program files\BTBusinessHub
2010-04-16 18:19 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-16 18:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-03-31 18:34 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 18:34 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 21:51 . 2009-07-12 02:10 -------- d-----w- c:\programdata\avg8
2010-04-19 08:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-19 07:00 . 2009-04-09 14:25 -------- d-----w- c:\programdata\Microsoft Help
2010-04-19 06:52 . 2009-05-08 10:32 102808 ----a-w- c:\users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-30 14:35 . 2009-05-12 16:52 -------- d-----w- c:\users\Will\AppData\Roaming\uTorrent
2010-03-24 20:04 . 2009-08-14 11:15 -------- d-----w- c:\program files\Opera 10 Beta
2010-03-15 13:25 . 2010-03-15 13:25 -------- d-----w- c:\program files\Trend Micro
2010-03-01 17:48 . 2009-04-09 14:20 -------- d-----w- c:\program files\Windows Live
2010-02-28 19:01 . 2010-01-18 17:28 -------- d-----w- c:\program files\Password Spectator
2010-02-24 09:16 . 2009-10-03 09:35 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-11 09:56 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 09:56 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 09:56 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-02-28 18:37 293376 ----a-w- c:\windows\system32\browserchoice.exe
2009-04-09 16:14 . 2009-04-09 16:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"btbb_McciTrayApp"="c:\program files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-10-6 118784]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-04-17 07:07 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):77,0f,8f,c8,8d,19,ca,01

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
S1 aswSP;avast! Self Protection; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2008-09-03 144672]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2008-09-03 269216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 08:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-27 08:47:17
ComboFix-quarantined-files.txt 2010-04-27 07:47

Pre-Run: 31,494,782,976 bytes free
Post-Run: 32,084,398,080 bytes free

- - End Of File - - B876600D0107245009F54D38C5CE2AFF





#10 schrauber


Posted 28 April 2010 - 12:55 PM

Hello, wd21
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 wd21


Posted 02 May 2010 - 01:53 PM

Hey Tom, thanks...I will get on doing what you have asked, be in touch in a couple of days. Will.

#12 schrauber


Posted 03 May 2010 - 11:09 PM

Ok :)
regards,
schrauber


#13 wd21


Posted 04 May 2010 - 09:08 AM

here we go -

C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/Adware.AnchorFree application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\iaStor.sys.vir Win32/Olmarik.VM trojan cleaned - quarantined
C:\Users\Will\AppData\Local\temp\c7xv1vqc.tmp\HSS-1.41-install-webroot-225-conduit.exe a variant of Win32/Adware.AnchorFree application deleted - quarantined
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=13d720cbd415f945b38fe82eade01d44
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-04 11:49:27
# local_time=2010-05-04 12:49:27 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 4304333 4304333 0 0
# compatibility_mode=769 16775165 100 98 1219 209244995 0 0
# compatibility_mode=1024 16777215 100 0 25595613 25595613 0 0
# compatibility_mode=5892 16776573 100 100 1695 110492969 0 0
# compatibility_mode=8192 67108863 100 0 100 100 0 0
# scanned=185349
# found=3
# cleaned=3
# scan_time=13526
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/Adware.AnchorFree application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\iaStor.sys.vir Win32/Olmarik.VM trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Will\AppData\Local\temp\c7xv1vqc.tmp\HSS-1.41-install-webroot-225-conduit.exe a variant of Win32/Adware.AnchorFree application (deleted - quarantined) 00000000000000000000000000000000 C

OTL logfile created on: 04/05/2010 14:29:17 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Will\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 35.59 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 8.30 Gb Free Space | 56.68% Space Free | Partition Type: NTFS
Drive F: | 5.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HW3
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/04 14:28:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
PRC - [2010/04/06 20:44:44 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/04/01 01:24:08 | 000,194,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/03/26 20:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/12/07 12:56:00 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/08/31 12:25:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/08/17 17:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/15 05:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 19:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/24 04:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/04 06:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/04 06:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/09/04 06:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 23:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (SafeList) ==========

MOD - [2010/05/04 14:28:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/17 08:07:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/06 20:44:46 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/04/01 01:24:08 | 000,194,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/03/26 20:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/03/26 20:07:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/03/26 20:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/07 12:55:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:55:56 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/25 23:39:53 | 000,217,536 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/08/17 17:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 17:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 17:05:24 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/08/17 17:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 17:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/12/22 11:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/17 09:56:50 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/12/15 05:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/09 06:25:14 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/09/04 06:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/03 09:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 09:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/09/02 10:19:22 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/09/01 11:19:40 | 000,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.5
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 19:51:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 16:17:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 15:31:25 | 000,000,000 | ---D | M]

[2009/05/12 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions
[2010/04/30 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions
[2009/07/11 15:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/12 17:41:01 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2009/08/12 07:03:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/13 22:37:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/13 13:20:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/12 17:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/05/19 10:37:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/05/12 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\lazarus@interclue.com
[2009/08/09 22:41:56 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\personas@christopher.beard
[2010/05/03 15:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 15:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/03 15:31:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/27 16:17:21 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/27 16:17:21 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/27 16:17:21 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/27 16:17:21 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Will\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Will\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/04 14:28:06 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/05/04 09:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/03 15:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/03 10:49:58 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010/05/03 10:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010/05/02 16:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/02 14:53:16 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Downloads
[2010/05/02 14:51:23 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Google
[2010/05/02 09:42:17 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Vysotsky Vladimir - Selected Songs [by saepood.ee]
[2010/04/27 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\RSP
[2010/04/27 08:47:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/27 08:47:19 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\temp
[2010/04/27 08:24:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/27 08:24:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/27 08:24:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/27 08:23:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/27 08:22:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/27 07:48:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/19 16:49:37 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\HP
[2010/04/19 12:47:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/04/19 07:52:28 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\HP
[2010/04/18 19:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/04/18 19:52:27 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Yahoo!
[2010/04/18 19:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/18 19:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/04/18 19:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/04/18 19:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/04/18 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Will\{071abbc4-cdf9-47ce-8962-8971cdb8b1ba}
[2010/04/18 19:39:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/18 19:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/04/18 19:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/04/17 08:10:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Motive
[2010/04/17 08:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/04/17 08:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/04/17 08:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\BT Business Broadband Desktop Help
[2010/04/17 08:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\BTBusinessHub
[2010/03/30 14:26:28 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Herman's Hermits - Greatest Hits
[2010/03/30 14:16:55 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\The Verve -Discografia-[www.TodoCVCD.com][Johnnygan]
[2010/03/30 13:56:58 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\The Kinks - The Ultimate Collection
[2010/03/30 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\The Smiths Complete collection(10LP's)mp3
[2010/03/29 08:32:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/26 20:07:02 | 000,037,376 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\HssDrv.sys
[2010/03/26 20:07:02 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2010/03/15 14:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/15 14:24:41 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Will\Documents\HijackThisInstaller.exe
[2010/03/12 02:56:19 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Antony & The Johnsons-The Crying Light-2009
[2010/03/12 02:55:42 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Antony and the Johnsons - Discography 2000-2005
[2010/03/11 19:37:03 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Ray_Lamontagne_3_studioalbums_mp3
[2010/03/08 15:23:06 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\clothes
[2010/02/28 20:05:38 | 011,650,440 | ---- | C] (Opera Software ASA ) -- C:\Users\Will\Documents\Opera_1010_in_Setup.exe
[2010/02/28 20:04:29 | 009,306,504 | ---- | C] (Opera Software ASA ) -- C:\Users\Will\Documents\Opera_1010_en_Setup.exe
[2010/02/22 18:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PersSecurityUninstall
[2010/02/14 18:58:37 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Tom Waits - discography
[2010/02/14 18:58:27 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Nick Drake From CDs
[2010/02/14 18:58:22 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Tom Waits discography
[2010/02/14 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\[1994] MTV Unplugged In New York - Nirvana @ 320kbs
[2010/02/14 18:47:07 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Blind Willie Johnson - The Complete Blind Willie Johnson
[2010/02/14 18:25:48 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Lennon Legend - The Very Best Of
[2010/02/14 18:07:28 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\R.E.M.The Best Of Rem (In Time 1988-2003)
[2010/02/14 17:58:58 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\lauryn hill - mtv unplugged no. 2.0
[2010/02/14 17:58:21 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Vic Chesnutt - Silver Lake (2003)
[2010/02/14 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Tracy Chapman - Tracy Chapman
[2010/02/14 15:19:03 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Cat Power - You Are Free (2003) -192k
[2010/02/14 15:11:03 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Cat Power - The Greatest [2006]
[2010/02/14 14:36:07 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Dark Was The Night - Various
[2010/02/14 14:34:32 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Feist - Discography (4 Albums)
[2010/02/14 14:19:27 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Beach Boys - Pet Sounds
[2010/02/14 14:05:45 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Broken Social Scene
[2010/02/14 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Alanis Morissette - MTV Unplugged
[2010/02/14 13:51:19 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Leonard Cohen
[2010/02/14 13:42:02 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Danger Mouse and Sparklehorse - Dark Night of The Soul
[2010/02/14 13:41:26 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Florence And The Machine - Lungs [2009][320kbps]MP3-MT
[2010/02/14 13:34:05 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Quantic & Quantic Soul Orchestra Complete Discography
[2010/02/14 13:31:35 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Animal Collective - Merriweather Post Pavilion [2009]
[2010/02/14 13:30:41 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Jeff_Buckley-Sketches_For_my_Sweetheart_the_Drunk
[2010/02/14 13:30:28 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\The xx
[2010/02/14 11:27:47 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Al Green - The Very Best Of Al Green (2001) KompletlyWyred DHZ Inc Release
[2010/02/14 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Portishead - Third (Advance) - 2008
[2010/02/14 11:26:35 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Massive Attack - Discography
[2010/02/14 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Bombay Bicycle Club - I Had The Blues But I Shook Them Loose (2009) - Indie
[2010/02/13 07:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/04 14:29:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 14:29:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 14:28:29 | 002,621,440 | -HS- | M] () -- C:\Users\Will\NTUSER.DAT
[2010/05/04 14:28:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/05/04 09:01:52 | 002,672,312 | ---- | M] () -- C:\Users\Will\Desktop\esetsmartinstaller_enu.exe
[2010/05/04 08:36:52 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/04 08:36:52 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/04 08:36:52 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/04 08:30:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/04 08:29:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/04 08:29:48 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 23:19:42 | 000,524,288 | -HS- | M] () -- C:\Users\Will\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/05/03 23:19:42 | 000,065,536 | -HS- | M] () -- C:\Users\Will\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/03 23:19:40 | 002,521,578 | -H-- | M] () -- C:\Users\Will\AppData\Local\IconCache.db
[2010/05/03 11:17:37 | 000,027,503 | ---- | M] () -- C:\Users\Will\AppData\Roaming\UserTile.png
[2010/05/02 16:57:31 | 000,349,347 | ---- | M] () -- C:\Users\Will\Documents\Asylum Myths 2010[1].pdf
[2010/05/02 16:50:29 | 000,019,292 | ---- | M] () -- C:\Users\Will\Documents\wtf.adr
[2010/05/02 16:16:10 | 000,001,854 | ---- | M] () -- C:\Users\Will\Documents\Safari.lnk
[2010/04/30 18:02:00 | 000,001,889 | ---- | M] () -- C:\Users\Will\Documents\Adobe Reader 9.lnk
[2010/04/30 10:43:58 | 000,013,842 | ---- | M] () -- C:\Users\Will\Documents\notes.docx
[2010/04/28 18:35:54 | 000,380,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/27 10:38:37 | 000,012,070 | ---- | M] () -- C:\Users\Will\Documents\bleep twathead.docx
[2010/04/27 08:44:04 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/27 08:23:09 | 003,924,005 | R--- | M] () -- C:\Users\Will\Documents\ComboFix.exe
[2010/04/27 06:55:36 | 000,874,022 | ---- | M] () -- C:\Users\Will\Documents\nah.pptx
[2010/04/27 06:25:52 | 000,023,552 | ---- | M] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/26 09:29:14 | 006,340,338 | ---- | M] () -- C:\Users\Will\Documents\Photo Album2.pptx
[2010/04/26 09:22:39 | 030,916,760 | ---- | M] () -- C:\Users\Will\Documents\Photo Album.pptx
[2010/04/25 23:25:40 | 011,785,567 | ---- | M] () -- C:\Users\Will\Documents\Urban Design Currie Project.pptx
[2010/04/25 22:51:53 | 000,464,491 | ---- | M] () -- C:\Users\Will\Documents\RootRepeal.zip
[2010/04/22 15:26:25 | 000,038,189 | ---- | M] () -- C:\Users\Will\Documents\Solar-Dynamics-Observator-001.jpg
[2010/04/21 09:56:35 | 000,036,085 | ---- | M] () -- C:\Users\Will\Documents\bookshopdisplayb2cropped_small.jpg
[2010/04/21 09:56:12 | 000,027,635 | ---- | M] () -- C:\Users\Will\Documents\3Watermill-Gallery-Feb-07.jpg
[2010/04/21 09:56:04 | 000,028,142 | ---- | M] () -- C:\Users\Will\Documents\2Watermill-Gallery-Feb-07.jpg
[2010/04/21 09:55:55 | 000,023,232 | ---- | M] () -- C:\Users\Will\Documents\1Watermill-Gallery-Feb-07.jpg
[2010/04/21 08:56:51 | 000,112,823 | ---- | M] () -- C:\Users\Will\Documents\Old_watermill_building,_Aberfeldy.jpg
[2010/04/21 08:44:40 | 000,624,978 | ---- | M] () -- C:\Users\Will\Documents\cca.pdf
[2010/04/20 18:12:34 | 000,025,042 | ---- | M] () -- C:\Users\Will\Documents\davidcameron.jpg
[2010/04/19 19:02:17 | 000,038,935 | ---- | M] () -- C:\Users\Will\Documents\files-usb_dotnetwizard.net.rar
[2010/04/19 16:52:29 | 000,192,795 | ---- | M] () -- C:\Windows\hpoins46.dat
[2010/04/19 07:59:15 | 000,000,206 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/04/19 07:52:27 | 000,102,808 | ---- | M] () -- C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/18 20:39:39 | 000,201,857 | ---- | M] () -- C:\Windows\hpoins46.dat.temp
[2010/04/18 20:34:00 | 000,002,114 | ---- | M] () -- C:\Users\Will\Documents\Add a Device - Deskjet F4500 series.lnk
[2010/04/18 19:49:14 | 000,001,028 | ---- | M] () -- C:\Users\Will\Documents\Shop for HP Supplies.lnk
[2010/04/18 19:48:11 | 000,001,178 | ---- | M] () -- C:\Users\Will\Documents\HP Solution Center.lnk
[2010/04/18 19:46:23 | 000,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/04/18 19:44:44 | 000,002,163 | ---- | M] () -- C:\Users\Will\Documents\Windows Live Photo Gallery.lnk
[2010/04/18 19:41:44 | 001,796,632 | ---- | M] () -- C:\Users\Will\Documents\INFCACHE.1
[2010/04/17 08:10:24 | 000,001,310 | ---- | M] () -- C:\Users\Will\Documents\BT Business Broadband Desktop Help.lnk
[2010/04/17 08:07:38 | 000,001,910 | ---- | M] () -- C:\Users\Will\Documents\BT Business Total Broadband.LNK
[2010/04/17 08:07:38 | 000,001,902 | ---- | M] () -- C:\Users\Will\Documents\Broadband Voice Connection.LNK
[2010/04/17 08:07:37 | 000,001,812 | ---- | M] () -- C:\Users\Will\Documents\Hub Manager.LNK
[2010/04/16 19:48:00 | 000,506,399 | ---- | M] () -- C:\Users\Will\Documents\PDFDownload.pdf
[2010/04/14 14:59:47 | 000,012,419 | ---- | M] () -- C:\Users\Will\Documents\It seems too soon.docx
[2010/04/14 12:28:09 | 007,676,016 | ---- | M] () -- C:\Users\Will\Documents\Presentation1.pptx
[2010/04/13 00:06:04 | 000,011,456 | ---- | M] () -- C:\Users\Will\Documents\Urban Design Project.docx
[2010/04/10 19:31:32 | 000,015,937 | ---- | M] () -- C:\Users\Will\Documents\budgeting 2010-11.xlsx
[2010/04/09 09:41:31 | 000,742,400 | ---- | M] () -- C:\Users\Will\Documents\Publication1.pub
[2010/04/08 16:01:50 | 005,838,164 | ---- | M] () -- C:\Users\Will\Documents\meeehh.pptx
[2010/04/07 22:23:41 | 000,238,009 | ---- | M] () -- C:\Users\Will\Documents\Hello Rachael.docx
[2010/04/07 16:00:46 | 000,009,978 | ---- | M] () -- C:\Users\Will\Documents\juice.docx
[2010/04/06 20:40:40 | 000,011,718 | ---- | M] () -- C:\Users\Will\Documents\go on.docx
[2010/04/05 16:50:00 | 000,027,321 | ---- | M] () -- C:\Users\Will\Documents\Findhorn.docx
[2010/03/29 08:36:10 | 001,764,864 | ---- | M] () -- C:\Users\Will\Documents\Universal ecological compensation for green field development.ppt
[2010/03/29 08:35:31 | 000,727,625 | ---- | M] () -- C:\Users\Will\Documents\Universal ecological compensation for green field development.pptx
[2010/03/28 17:31:00 | 000,018,809 | ---- | M] () -- C:\Users\Will\Documents\pe190244.jpg
[2010/03/28 17:29:56 | 000,046,714 | ---- | M] () -- C:\Users\Will\Documents\einstein-stache.jpg
[2010/03/28 17:22:51 | 000,026,307 | ---- | M] () -- C:\Users\Will\Documents\2879tobacco_pipe.jpg
[2010/03/28 17:22:32 | 000,003,367 | ---- | M] () -- C:\Users\Will\Documents\J20455.jpg
[2010/03/28 17:21:51 | 000,027,166 | ---- | M] () -- C:\Users\Will\Documents\magnifying_glass.jpg
[2010/03/28 16:55:08 | 000,080,026 | ---- | M] () -- C:\Users\Will\Documents\UK_Flag_Wavy.jpg
[2010/03/27 22:09:16 | 000,143,265 | ---- | M] () -- C:\Users\Will\Documents\800px-German_Flag_Wavy_svg.png
[2010/03/27 15:32:56 | 000,033,772 | ---- | M] () -- C:\Users\Will\Documents\elmo-tricycle.jpg
[2010/03/27 13:49:03 | 000,029,996 | ---- | M] () -- C:\Users\Will\Documents\hello-kitty-bicycle.jpg
[2010/03/27 13:48:39 | 000,029,996 | ---- | M] () -- C:\Users\Public\Documents\hello-kitty-bicycle.jpg
[2010/03/27 13:29:32 | 000,169,318 | ---- | M] () -- C:\Users\Will\Documents\Jamieson-paper Climate Ethics.pdf
[2010/03/27 13:10:12 | 000,154,550 | ---- | M] () -- C:\Users\Will\Documents\spacetime-frame-dragging.jpg
[2010/03/27 12:47:15 | 000,028,243 | ---- | M] () -- C:\Users\Will\Documents\treeGardenA0000.jpg
[2010/03/27 12:44:14 | 000,727,660 | ---- | M] () -- C:\Users\Will\Documents\image.jpeg
[2010/03/27 12:42:53 | 000,093,774 | ---- | M] () -- C:\Users\Will\Documents\3108money_house.jpg
[2010/03/27 12:38:25 | 000,049,037 | ---- | M] () -- C:\Users\Will\Documents\stick_insect_small.jpg
[2010/03/27 12:37:31 | 000,004,769 | ---- | M] () -- C:\Users\Will\Documents\stick_figure.gif
[2010/03/26 20:07:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\HssDrv.sys
[2010/03/26 20:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2010/03/26 18:58:58 | 000,047,898 | ---- | M] () -- C:\Users\Will\Documents\hom.jpg
[2010/03/24 23:57:35 | 000,011,695 | ---- | M] () -- C:\Users\Will\Documents\VennDiagram_jesus.gif
[2010/03/24 21:04:04 | 000,000,760 | ---- | M] () -- C:\Users\Will\Documents\Opera.lnk
[2010/03/24 16:25:51 | 000,544,768 | ---- | M] () -- C:\Users\Will\Documents\write_here_application.doc
[2010/03/24 13:43:46 | 000,031,900 | ---- | M] () -- C:\Users\Will\Documents\Gordon-Brown-and-Alistair-003.jpg
[2010/03/22 11:53:46 | 000,493,905 | ---- | M] () -- C:\Users\Will\Documents\fail.png
[2010/03/20 21:03:56 | 000,025,433 | ---- | M] () -- C:\Users\Will\Documents\jay-z.jpg
[2010/03/20 16:12:08 | 000,775,830 | ---- | M] () -- C:\Users\Will\Documents\1269097421043.jpg
[2010/03/20 16:09:30 | 000,031,199 | ---- | M] () -- C:\Users\Will\Documents\1269097372103.gif
[2010/03/19 05:50:05 | 000,097,882 | ---- | M] () -- C:\Users\Will\Documents\1268971692891.jpg
[2010/03/19 05:48:49 | 000,089,684 | ---- | M] () -- C:\Users\Will\Documents\1268973853521.jpg
[2010/03/19 05:48:06 | 000,162,904 | ---- | M] () -- C:\Users\Will\Documents\1268973648788.jpg
[2010/03/19 05:47:58 | 000,140,463 | ---- | M] () -- C:\Users\Will\Documents\1268973600980.jpg
[2010/03/19 05:41:49 | 000,081,232 | ---- | M] () -- C:\Users\Will\Documents\1268971808380.jpg
[2010/03/19 00:20:50 | 000,238,984 | ---- | M] () -- C:\Users\Will\Documents\A typical walk home in Williams head.docx
[2010/03/18 16:04:45 | 000,010,385 | ---- | M] () -- C:\Users\Will\Documents\In another life which is far sadder.docx
[2010/03/17 21:01:11 | 013,572,096 | ---- | M] () -- C:\Users\Will\Documents\Success.ppt
[2010/03/17 14:05:59 | 000,009,131 | ---- | M] () -- C:\Users\Will\Documents\map_climate_clip_image002.jpg
[2010/03/16 18:09:51 | 002,365,967 | ---- | M] () -- C:\Users\Will\Documents\Success.pptx
[2010/03/16 13:44:39 | 000,820,299 | ---- | M] () -- C:\Users\Will\Documents\djd29526v16811.PDF
[2010/03/16 13:12:15 | 010,409,763 | ---- | M] () -- C:\Users\Will\Documents\fivegreatyears.pdf
[2010/03/16 13:03:38 | 000,300,032 | ---- | M] () -- C:\Users\Will\Documents\Liverpool_-_History.doc
[2010/03/16 12:59:46 | 002,089,732 | ---- | M] () -- C:\Users\Will\Documents\Smith_2005_(April_2007).pdf
[2010/03/16 12:49:55 | 000,586,726 | ---- | M] () -- C:\Users\Will\Documents\Est2008a.pdf
[2010/03/16 12:48:19 | 000,097,210 | ---- | M] () -- C:\Users\Will\Documents\bcn001ang.pdf
[2010/03/15 14:25:11 | 000,001,876 | ---- | M] () -- C:\Users\Will\Documents\HijackThis.lnk
[2010/03/15 14:24:41 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Will\Documents\HijackThisInstaller.exe
[2010/03/15 00:29:23 | 000,115,193 | ---- | M] () -- C:\Users\Will\Documents\wp030_eng.pdf
[2010/03/14 22:51:24 | 000,033,479 | ---- | M] () -- C:\Users\Will\Documents\rach.docx
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/12 15:27:16 | 000,074,140 | ---- | M] () -- C:\Users\Will\Documents\LIFE IN ORDER PLEASE.docx
[2010/03/12 15:26:14 | 000,031,733 | ---- | M] () -- C:\Users\Will\Documents\longterm.docx
[2010/03/08 16:13:16 | 000,010,749 | ---- | M] () -- C:\Users\Will\Documents\Hello.docx
[2010/03/05 16:45:59 | 000,186,602 | ---- | M] () -- C:\Users\Will\Documents\Barcelona Presentation.pptx
[2010/03/05 15:54:05 | 000,010,309 | ---- | M] () -- C:\Users\Will\Documents\good day.docx
[2010/03/04 09:25:14 | 000,010,878 | ---- | M] () -- C:\Users\Will\Documents\Definitions (1).docx
[2010/03/03 19:23:22 | 000,015,043 | ---- | M] () -- C:\Users\Will\Documents\PANIC.docx
[2010/03/02 15:39:32 | 000,018,217 | ---- | M] () -- C:\Users\Will\Documents\Invisible Cities by Italo Calvino.docx
[2010/02/28 20:06:05 | 011,650,440 | ---- | M] (Opera Software ASA ) -- C:\Users\Will\Documents\Opera_1010_in_Setup.exe
[2010/02/28 20:04:51 | 009,306,504 | ---- | M] (Opera Software ASA ) -- C:\Users\Will\Documents\Opera_1010_en_Setup.exe
[2010/02/24 15:01:48 | 000,524,288 | -HS- | M] () -- C:\Users\Will\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/23 09:50:50 | 000,017,581 | ---- | M] () -- C:\Users\Will\Documents\Bakhtin essay.docx
[2010/02/22 23:46:33 | 000,017,523 | ---- | M] () -- C:\Users\Will\Documents\sams btl essay.docx
[2010/02/22 19:46:23 | 000,000,162 | -H-- | M] () -- C:\Users\Will\Documents\~$ms btl essay.docx
[2010/02/20 10:58:52 | 001,283,252 | ---- | M] () -- C:\Users\Will\Documents\Application Student Planner William Duncan.docx
[2010/02/20 10:50:18 | 000,915,968 | ---- | M] () -- C:\Users\Will\Documents\erm.doc
[2010/02/16 17:38:15 | 000,485,379 | ---- | M] () -- C:\Users\Will\Documents\s3.pdf
[2010/02/16 16:59:14 | 002,790,262 | ---- | M] () -- C:\Users\Will\Documents\activism_and_barcelona_model.pdf
[2010/02/15 13:45:11 | 000,056,832 | ---- | M] () -- C:\Users\Will\Documents\A pretty poor effort, really.doc
[2010/02/15 13:44:27 | 000,029,266 | ---- | M] () -- C:\Users\Will\Documents\Belt it in late boyo.docx
[2010/02/15 06:16:28 | 000,011,235 | ---- | M] () -- C:\Users\Will\Documents\Preamble.docx
[2010/02/13 06:49:31 | 000,001,744 | ---- | M] () -- C:\Users\Will\Documents\Freenet.lnk
[2010/02/13 06:46:59 | 010,416,786 | ---- | M] () -- C:\Users\Will\Documents\FreenetInstaller-1240.exe
[2010/02/10 16:02:28 | 000,833,566 | ---- | M] () -- C:\Users\Will\Documents\tcm21-156647.pdf
[2010/02/08 10:54:21 | 000,581,632 | ---- | M] () -- C:\Users\Will\Documents\Invisible Cities.ppt
[2010/02/06 23:31:27 | 000,016,341 | ---- | M] () -- C:\Users\Will\Documents\The City and Culture only not bleep.docx
[2010/02/06 19:45:18 | 000,118,003 | ---- | M] () -- C:\Users\Will\Documents\d2103ed.pdf
[2010/02/06 14:26:10 | 000,011,935 | ---- | M] () -- C:\Users\Will\Documents\The City & Culture.docx
[2010/02/05 20:11:30 | 000,079,676 | ---- | M] () -- C:\Users\Will\Documents\1265396919704.jpg
[2010/02/05 20:06:25 | 000,140,510 | ---- | M] () -- C:\Users\Will\Documents\1265396513796.jpg
[2010/02/05 20:05:02 | 000,125,703 | ---- | M] () -- C:\Users\Will\Documents\1265396438564.jpg
[2010/02/05 19:57:31 | 001,291,253 | ---- | M] () -- C:\Users\Will\Documents\Cameron_ Gay refugees from Africa should be given asylum in UK _ Mail Online.mht
[2010/02/05 19:44:57 | 000,305,039 | ---- | M] () -- C:\Users\Will\Documents\_b_ - Random.mht
[2010/02/05 19:32:49 | 000,043,190 | ---- | M] () -- C:\Users\Will\Documents\1265393899297.jpg
[2010/02/03 17:56:18 | 000,048,128 | ---- | M] () -- C:\Users\Will\Documents\Scene 22.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 09:01:52 | 002,672,312 | ---- | C] () -- C:\Users\Will\Desktop\esetsmartinstaller_enu.exe
[2010/05/02 16:57:31 | 000,349,347 | ---- | C] () -- C:\Users\Will\Documents\Asylum Myths 2010[1].pdf
[2010/05/02 16:50:29 | 000,019,292 | ---- | C] () -- C:\Users\Will\Documents\wtf.adr
[2010/05/02 16:34:22 | 000,027,503 | ---- | C] () -- C:\Users\Will\AppData\Roaming\UserTile.png
[2010/05/02 16:16:10 | 000,001,854 | ---- | C] () -- C:\Users\Will\Documents\Safari.lnk
[2010/04/30 17:43:29 | 000,001,889 | ---- | C] () -- C:\Users\Will\Documents\Adobe Reader 9.lnk
[2010/04/27 09:13:32 | 000,013,842 | ---- | C] () -- C:\Users\Will\Documents\notes.docx
[2010/04/27 08:24:13 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/27 08:24:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/27 08:24:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/27 08:24:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/27 08:24:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/27 06:55:33 | 000,874,022 | ---- | C] () -- C:\Users\Will\Documents\nah.pptx
[2010/04/26 09:28:58 | 006,340,338 | ---- | C] () -- C:\Users\Will\Documents\Photo Album2.pptx
[2010/04/26 09:21:58 | 030,916,760 | ---- | C] () -- C:\Users\Will\Documents\Photo Album.pptx
[2010/04/25 22:52:37 | 003,924,005 | R--- | C] () -- C:\Users\Will\Documents\ComboFix.exe
[2010/04/25 22:51:52 | 000,464,491 | ---- | C] () -- C:\Users\Will\Documents\RootRepeal.zip
[2010/04/24 23:16:17 | 000,012,070 | ---- | C] () -- C:\Users\Will\Documents\bleep twathead.docx
[2010/04/22 15:26:25 | 000,038,189 | ---- | C] () -- C:\Users\Will\Documents\Solar-Dynamics-Observator-001.jpg
[2010/04/21 09:56:35 | 000,036,085 | ---- | C] () -- C:\Users\Will\Documents\bookshopdisplayb2cropped_small.jpg
[2010/04/21 09:56:12 | 000,027,635 | ---- | C] () -- C:\Users\Will\Documents\3Watermill-Gallery-Feb-07.jpg
[2010/04/21 09:56:04 | 000,028,142 | ---- | C] () -- C:\Users\Will\Documents\2Watermill-Gallery-Feb-07.jpg
[2010/04/21 09:55:55 | 000,023,232 | ---- | C] () -- C:\Users\Will\Documents\1Watermill-Gallery-Feb-07.jpg
[2010/04/21 08:56:51 | 000,112,823 | ---- | C] () -- C:\Users\Will\Documents\Old_watermill_building,_Aberfeldy.jpg
[2010/04/21 08:44:40 | 000,624,978 | ---- | C] () -- C:\Users\Will\Documents\cca.pdf
[2010/04/20 18:12:34 | 000,025,042 | ---- | C] () -- C:\Users\Will\Documents\davidcameron.jpg
[2010/04/19 19:02:17 | 000,038,935 | ---- | C] () -- C:\Users\Will\Documents\files-usb_dotnetwizard.net.rar
[2010/04/19 16:51:44 | 000,201,857 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2010/04/19 07:59:15 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/18 20:37:50 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/04/18 20:34:00 | 000,002,114 | ---- | C] () -- C:\Users\Will\Documents\Add a Device - Deskjet F4500 series.lnk
[2010/04/18 19:49:14 | 000,001,028 | ---- | C] () -- C:\Users\Will\Documents\Shop for HP Supplies.lnk
[2010/04/18 19:48:11 | 000,001,178 | ---- | C] () -- C:\Users\Will\Documents\HP Solution Center.lnk
[2010/04/18 19:46:23 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/04/18 19:44:44 | 000,002,163 | ---- | C] () -- C:\Users\Will\Documents\Windows Live Photo Gallery.lnk
[2010/04/18 19:34:07 | 000,001,509 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/04/18 19:34:06 | 000,192,795 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/04/17 08:10:24 | 000,001,310 | ---- | C] () -- C:\Users\Will\Documents\BT Business Broadband Desktop Help.lnk
[2010/04/17 08:07:38 | 000,001,910 | ---- | C] () -- C:\Users\Will\Documents\BT Business Total Broadband.LNK
[2010/04/17 08:07:38 | 000,001,902 | ---- | C] () -- C:\Users\Will\Documents\Broadband Voice Connection.LNK
[2010/04/17 08:07:37 | 000,001,812 | ---- | C] () -- C:\Users\Will\Documents\Hub Manager.LNK
[2010/04/16 19:48:00 | 000,506,399 | ---- | C] () -- C:\Users\Will\Documents\PDFDownload.pdf
[2010/04/12 21:08:23 | 000,012,419 | ---- | C] () -- C:\Users\Will\Documents\It seems too soon.docx
[2010/04/09 20:07:17 | 000,015,937 | ---- | C] () -- C:\Users\Will\Documents\budgeting 2010-11.xlsx
[2010/04/08 23:40:20 | 000,742,400 | ---- | C] () -- C:\Users\Will\Documents\Publication1.pub
[2010/04/08 16:01:47 | 005,838,164 | ---- | C] () -- C:\Users\Will\Documents\meeehh.pptx
[2010/04/07 22:23:00 | 000,238,009 | ---- | C] () -- C:\Users\Will\Documents\Hello Rachael.docx
[2010/04/07 16:00:45 | 000,009,978 | ---- | C] () -- C:\Users\Will\Documents\juice.docx
[2010/04/07 15:45:27 | 000,011,456 | ---- | C] () -- C:\Users\Will\Documents\Urban Design Project.docx
[2010/04/07 14:09:04 | 007,676,016 | ---- | C] () -- C:\Users\Will\Documents\Presentation1.pptx
[2010/04/06 16:25:13 | 000,011,718 | ---- | C] () -- C:\Users\Will\Documents\go on.docx
[2010/03/29 08:36:00 | 001,764,864 | ---- | C] () -- C:\Users\Will\Documents\Universal ecological compensation for green field development.ppt
[2010/03/29 08:35:26 | 000,727,625 | ---- | C] () -- C:\Users\Will\Documents\Universal ecological compensation for green field development.pptx
[2010/03/28 17:31:00 | 000,018,809 | ---- | C] () -- C:\Users\Will\Documents\pe190244.jpg
[2010/03/28 17:29:56 | 000,046,714 | ---- | C] () -- C:\Users\Will\Documents\einstein-stache.jpg
[2010/03/28 17:22:51 | 000,026,307 | ---- | C] () -- C:\Users\Will\Documents\2879tobacco_pipe.jpg
[2010/03/28 17:22:32 | 000,003,367 | ---- | C] () -- C:\Users\Will\Documents\J20455.jpg
[2010/03/28 17:21:51 | 000,027,166 | ---- | C] () -- C:\Users\Will\Documents\magnifying_glass.jpg
[2010/03/28 16:55:08 | 000,080,026 | ---- | C] () -- C:\Users\Will\Documents\UK_Flag_Wavy.jpg
[2010/03/27 22:09:16 | 000,143,265 | ---- | C] () -- C:\Users\Will\Documents\800px-German_Flag_Wavy_svg.png
[2010/03/27 15:32:56 | 000,033,772 | ---- | C] () -- C:\Users\Will\Documents\elmo-tricycle.jpg
[2010/03/27 13:48:00 | 000,029,996 | ---- | C] () -- C:\Users\Will\Documents\hello-kitty-bicycle.jpg
[2010/03/27 13:47:18 | 000,029,996 | ---- | C] () -- C:\Users\Public\Documents\hello-kitty-bicycle.jpg
[2010/03/27 13:27:32 | 000,169,318 | ---- | C] () -- C:\Users\Will\Documents\Jamieson-paper Climate Ethics.pdf
[2010/03/27 13:10:12 | 000,154,550 | ---- | C] () -- C:\Users\Will\Documents\spacetime-frame-dragging.jpg
[2010/03/27 12:47:15 | 000,028,243 | ---- | C] () -- C:\Users\Will\Documents\treeGardenA0000.jpg
[2010/03/27 12:44:14 | 000,727,660 | ---- | C] () -- C:\Users\Will\Documents\image.jpeg
[2010/03/27 12:42:53 | 000,093,774 | ---- | C] () -- C:\Users\Will\Documents\3108money_house.jpg
[2010/03/27 12:38:25 | 000,049,037 | ---- | C] () -- C:\Users\Will\Documents\stick_insect_small.jpg
[2010/03/27 12:37:31 | 000,004,769 | ---- | C] () -- C:\Users\Will\Documents\stick_figure.gif
[2010/03/26 18:58:58 | 000,047,898 | ---- | C] () -- C:\Users\Will\Documents\hom.jpg
[2010/03/24 23:57:34 | 000,011,695 | ---- | C] () -- C:\Users\Will\Documents\VennDiagram_jesus.gif
[2010/03/24 16:25:50 | 000,544,768 | ---- | C] () -- C:\Users\Will\Documents\write_here_application.doc
[2010/03/24 13:43:46 | 000,031,900 | ---- | C] () -- C:\Users\Will\Documents\Gordon-Brown-and-Alistair-003.jpg
[2010/03/22 11:53:45 | 000,493,905 | ---- | C] () -- C:\Users\Will\Documents\fail.png
[2010/03/20 21:03:32 | 000,025,433 | ---- | C] () -- C:\Users\Will\Documents\jay-z.jpg
[2010/03/20 16:12:08 | 000,775,830 | ---- | C] () -- C:\Users\Will\Documents\1269097421043.jpg
[2010/03/20 16:09:30 | 000,031,199 | ---- | C] () -- C:\Users\Will\Documents\1269097372103.gif
[2010/03/19 05:50:05 | 000,097,882 | ---- | C] () -- C:\Users\Will\Documents\1268971692891.jpg
[2010/03/19 05:48:49 | 000,089,684 | ---- | C] () -- C:\Users\Will\Documents\1268973853521.jpg
[2010/03/19 05:48:06 | 000,162,904 | ---- | C] () -- C:\Users\Will\Documents\1268973648788.jpg
[2010/03/19 05:47:58 | 000,140,463 | ---- | C] () -- C:\Users\Will\Documents\1268973600980.jpg
[2010/03/19 05:41:49 | 000,081,232 | ---- | C] () -- C:\Users\Will\Documents\1268971808380.jpg
[2010/03/19 00:20:49 | 000,238,984 | ---- | C] () -- C:\Users\Will\Documents\A typical walk home in Williams head.docx
[2010/03/18 16:04:43 | 000,010,385 | ---- | C] () -- C:\Users\Will\Documents\In another life which is far sadder.docx
[2010/03/17 14:05:59 | 000,009,131 | ---- | C] () -- C:\Users\Will\Documents\map_climate_clip_image002.jpg
[2010/03/16 18:10:05 | 013,572,096 | ---- | C] () -- C:\Users\Will\Documents\Success.ppt
[2010/03/16 13:44:39 | 000,820,299 | ---- | C] () -- C:\Users\Will\Documents\djd29526v16811.PDF
[2010/03/16 13:12:15 | 010,409,763 | ---- | C] () -- C:\Users\Will\Documents\fivegreatyears.pdf
[2010/03/16 13:03:37 | 000,300,032 | ---- | C] () -- C:\Users\Will\Documents\Liverpool_-_History.doc
[2010/03/16 12:59:46 | 002,089,732 | ---- | C] () -- C:\Users\Will\Documents\Smith_2005_(April_2007).pdf
[2010/03/16 12:49:55 | 000,586,726 | ---- | C] () -- C:\Users\Will\Documents\Est2008a.pdf
[2010/03/16 12:48:19 | 000,097,210 | ---- | C] () -- C:\Users\Will\Documents\bcn001ang.pdf
[2010/03/15 17:28:13 | 002,365,967 | ---- | C] () -- C:\Users\Will\Documents\Success.pptx
[2010/03/15 14:25:11 | 000,001,876 | ---- | C] () -- C:\Users\Will\Documents\HijackThis.lnk
[2010/03/15 00:29:23 | 000,115,193 | ---- | C] () -- C:\Users\Will\Documents\wp030_eng.pdf
[2010/03/14 22:51:22 | 000,033,479 | ---- | C] () -- C:\Users\Will\Documents\rach.docx
[2010/03/13 20:57:36 | 000,027,321 | ---- | C] () -- C:\Users\Will\Documents\Findhorn.docx
[2010/03/12 15:26:12 | 000,031,733 | ---- | C] () -- C:\Users\Will\Documents\longterm.docx
[2010/03/11 18:34:39 | 000,074,140 | ---- | C] () -- C:\Users\Will\Documents\LIFE IN ORDER PLEASE.docx
[2010/03/08 16:12:50 | 000,010,749 | ---- | C] () -- C:\Users\Will\Documents\Hello.docx
[2010/03/05 15:55:34 | 000,186,602 | ---- | C] () -- C:\Users\Will\Documents\Barcelona Presentation.pptx
[2010/03/05 15:55:13 | 011,785,567 | ---- | C] () -- C:\Users\Will\Documents\Urban Design Currie Project.pptx
[2010/03/05 15:54:04 | 000,010,309 | ---- | C] () -- C:\Users\Will\Documents\good day.docx
[2010/03/04 09:25:12 | 000,010,878 | ---- | C] () -- C:\Users\Will\Documents\Definitions (1).docx
[2010/03/03 12:02:21 | 000,015,043 | ---- | C] () -- C:\Users\Will\Documents\PANIC.docx
[2010/03/01 18:36:04 | 000,018,217 | ---- | C] () -- C:\Users\Will\Documents\Invisible Cities by Italo Calvino.docx
[2010/02/28 20:10:08 | 000,000,760 | ---- | C] () -- C:\Users\Will\Documents\Opera.lnk
[2010/02/23 09:21:22 | 000,017,581 | ---- | C] () -- C:\Users\Will\Documents\Bakhtin essay.docx
[2010/02/22 19:46:23 | 000,000,162 | -H-- | C] () -- C:\Users\Will\Documents\~$ms btl essay.docx
[2010/02/22 19:46:22 | 000,017,523 | ---- | C] () -- C:\Users\Will\Documents\sams btl essay.docx
[2010/02/20 10:57:43 | 001,283,252 | ---- | C] () -- C:\Users\Will\Documents\Application Student Planner William Duncan.docx
[2010/02/16 17:38:15 | 000,485,379 | ---- | C] () -- C:\Users\Will\Documents\s3.pdf
[2010/02/16 16:59:14 | 002,790,262 | ---- | C] () -- C:\Users\Will\Documents\activism_and_barcelona_model.pdf
[2010/02/15 13:45:10 | 000,056,832 | ---- | C] () -- C:\Users\Will\Documents\A pretty poor effort, really.doc
[2010/02/15 06:16:27 | 000,011,235 | ---- | C] () -- C:\Users\Will\Documents\Preamble.docx
[2010/02/13 06:49:31 | 000,001,744 | ---- | C] () -- C:\Users\Will\Documents\Freenet.lnk
[2010/02/13 06:46:35 | 010,416,786 | ---- | C] () -- C:\Users\Will\Documents\FreenetInstaller-1240.exe
[2010/02/12 14:12:57 | 000,029,266 | ---- | C] () -- C:\Users\Will\Documents\Belt it in late boyo.docx
[2010/02/10 16:02:28 | 000,833,566 | ---- | C] () -- C:\Users\Will\Documents\tcm21-156647.pdf
[2010/02/06 19:45:18 | 000,118,003 | ---- | C] () -- C:\Users\Will\Documents\d2103ed.pdf
[2010/02/06 14:29:40 | 000,016,341 | ---- | C] () -- C:\Users\Will\Documents\The City and Culture only not bleep.docx
[2010/02/06 13:31:36 | 000,011,935 | ---- | C] () -- C:\Users\Will\Documents\The City & Culture.docx
[2010/02/05 20:11:30 | 000,079,676 | ---- | C] () -- C:\Users\Will\Documents\1265396919704.jpg
[2010/02/05 20:06:25 | 000,140,510 | ---- | C] () -- C:\Users\Will\Documents\1265396513796.jpg
[2010/02/05 20:05:02 | 000,125,703 | ---- | C] () -- C:\Users\Will\Documents\1265396438564.jpg
[2010/02/05 19:57:31 | 001,291,253 | ---- | C] () -- C:\Users\Will\Documents\Cameron_ Gay refugees from Africa should be given asylum in UK _ Mail Online.mht
[2010/02/05 19:44:57 | 000,305,039 | ---- | C] () -- C:\Users\Will\Documents\_b_ - Random.mht
[2010/02/05 19:32:49 | 000,043,190 | ---- | C] () -- C:\Users\Will\Documents\1265393899297.jpg
[2010/02/03 15:32:43 | 000,048,128 | ---- | C] () -- C:\Users\Will\Documents\Scene 22.doc
[2009/10/06 18:53:54 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2009/10/06 18:53:54 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2009/09/14 09:34:28 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/08/05 12:05:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 05:55:51 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/13 05:55:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/09 17:37:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/04/09 14:59:43 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/09 14:59:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/07/13 06:56:57 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/05/14 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/13 09:45:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\fhnetwork.com
[2009/08/14 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Opera
[2009/09/12 07:18:50 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Research In Motion
[2009/10/30 16:42:37 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Sports Interactive
[2009/08/25 22:57:04 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Spotify
[2009/05/12 09:33:13 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Template
[2009/08/25 23:42:53 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\TrueCrypt
[2010/05/02 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\uTorrent
[2010/05/03 23:19:45 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/05/07 23:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\storage\R197861\IaStor.sys
[2008/05/07 23:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys
[2008/05/07 23:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/12/22 11:32:38 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/05/04 08:29:48 | 3181,760,512 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/05/04 08:29:47 | 3495,567,360 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
< End of report >


OTL Extras logfile created on: 04/05/2010 14:29:17 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Will\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 35.59 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 8.30 Gb Free Space | 56.68% Space Free | Partition Type: NTFS
Drive F: | 5.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HW3
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 
"FirewallDisableNotify" = 0
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11B0B043-3B05-422E-8F9E-89A28C5B95C3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{177CD04A-A7F8-4D68-BB28-281C7E631016}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B391735-23C5-4BA7-853E-10DEC6C31D98}" = rport=138 | protocol=17 | dir=out | app=system |
"{33D9205F-E264-4984-AAB4-57AEC9EEBEB3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3A9D9E50-0DCF-4049-9827-A07D2FC041DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B41D55A-E86C-4F39-9A87-FDFBB1CAECD3}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A67EA8C-ED0B-4AC5-B21E-E46B1DC4F450}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E5232D6-33C8-47E5-81A4-740F7306DB18}" = lport=138 | protocol=17 | dir=in | app=system |
"{5119D37B-6BF2-4E67-B673-BAF27720A7DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5215D12A-9A86-4CC5-9850-A947EBFA3CD8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{652CD377-CD0D-4F3C-80FB-4DA2483AC7D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{69EC4BBA-0A99-4B76-BDD0-5551C6A0E86E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9E20EF06-D04B-42FB-AA0B-0C59323FF601}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A42EF736-4620-4FD9-A08C-517E2068F439}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{AA683C09-4948-4A64-9343-71DA2CCC6CBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEB7AC89-B26E-4DBB-B54A-1C93F0018418}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C6B6A7E7-47C1-4F91-ABAC-19EB98AB5592}" = lport=445 | protocol=6 | dir=in | app=system |
"{D1DE5A77-FA33-40CE-A8DA-147F87642453}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9307E87-5A27-4CC5-A3EB-6A326C20BB46}" = rport=445 | protocol=6 | dir=out | app=system |
"{EAE4ECF7-544B-4C33-AEF7-C78CDD4AD604}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EB6389E6-36CA-4E61-93DB-D5842F10BCD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F9404485-8F80-4FF1-8BDC-F577857C1738}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0587F139-8FA8-466C-8C85-AF4346930C5A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10844E26-6C48-4A3B-8C84-82D9092CD1D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{14118FFF-7A92-4C37-A441-82D7D5AC52E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1A474826-6825-44A0-9C03-C1343DF238AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{1E2B7ED3-DD81-4F90-A9FB-F665FE8D12B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{245461A3-A898-409E-8CE0-D93497A17C67}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2DA32D34-641E-49E3-9F82-CFA7F3068C8B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{3DA0865C-5D11-486D-BBA1-E5AD0C8F2356}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{51411B08-04D5-4734-AF19-9DACBA83C4EB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5C3DB1D0-14C8-4B7B-96D8-CC88CE033F55}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{653E7AFA-450E-4169-8C2C-914FEB0DC911}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{728B507A-88E9-4989-A902-00F672412446}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{76303A2E-D04E-4D13-A251-686791C22191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{7819238C-10FC-4BDA-ABBE-3BC9A9E1FC0B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{7AE8EF5F-B257-4722-A970-19167D9647D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{7B7EF82D-3B5B-4132-8DAA-21A94AB9AA8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E32C42C-7E66-4711-AF87-D0890D9E4AE3}" = dir=in | app=f:\setup\hpznui01.exe |
"{83875CAE-B60A-429A-9B26-4F56DD04CA85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{87D8322F-8D47-4A52-90F6-BC5C8A188E9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8CB0F879-B18D-4FCF-96D5-A6D27AC7AEB5}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{9A9E65FD-7ACA-4F6D-8E77-D9272B487457}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{9B24E114-727B-4B68-9F6D-4C5A519E05A8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9F814D1C-C8E8-484B-813D-2B7D566C41B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A75CB1FF-B90E-41F3-A06A-681E72B84163}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A9AD30E8-F049-49AA-BDD9-CC1CA57F74C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{AF95DEEE-78ED-4820-9FDF-9407221BE277}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BF74AAC5-DE57-486B-80B5-971DB37FBC26}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C3F6C2E4-2C89-45E6-BCF7-55F97F8EFC6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8FC9FF5-1841-4554-A9C9-2A52D72BE0FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DA3B47A5-F0F0-4025-A23D-CC25710A78F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E35D51A8-FBDD-4829-8E7F-BFA2A64D8909}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{E5B5035B-2AC3-4045-B350-4F610BE535FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED5B57C9-39CA-4FC0-B208-1F6E934676BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE6C9262-99B0-4F50-A6EA-AE82DA0A8154}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FF75C061-F046-4093-B1C9-48064687E77B}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{FF91E04C-13F4-4D5F-8902-175A0B1D0C0B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{07CB0BAB-440C-40B6-A75F-34FA80922BEC}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1023A00B-8AEA-44A2-9A88-FB9A8BD5D34F}C:\program files\opera 10 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10 beta\opera.exe |
"TCP Query User{800ECA58-BB69-41F5-B9D2-F5F878AEDE6E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{93B2DABA-65F8-481A-A8CE-51EE4F73BB02}C:\program files\opera 10 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10 beta\opera.exe |
"TCP Query User{AB781E29-81CF-4079-ADB2-58AEC00256B8}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{CDEB34D6-7968-497A-8981-E924FD20B17F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D1E519DD-84E1-4971-8208-5B74AFC2EDC9}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{2CB1210A-BCD6-4F91-BAC0-5EEBC8E30AC4}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{717CF85A-BD0F-4E2D-98F7-213D70E7A139}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{8B69FB8F-ECF6-4404-B147-7D1879F66166}C:\program files\opera 10 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10 beta\opera.exe |
"UDP Query User{B0FF7A70-4675-45B8-99D2-F2DB79992CB7}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{D03DCE5E-58D4-4101-9D4B-4BEFFAFE4EEF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E2E85B08-3B0C-41AE-9EE7-C7CEE28311D9}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{F6A0C65A-F03B-4056-BE5D-AA638CB709BE}C:\program files\opera 10 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10 beta\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EA0E0DD-4203-C20C-2740-582DFBF1CC59}" = BBC iPlayer Desktop
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1" = Smart Diary Suite 4
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast!" = avast! Antivirus
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"BT Business Broadband Desktop Help" = BT Business Broadband Desktop Help
"BTBusinessHub" = BTBusinessHub
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"Football Manager 2009" = Football Manager 2009
"Football Manager 2010" = Football Manager 2010
"GoToAssist" = GoToAssist Corporate
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.41
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Quick Zip_is1" = Quick Zip 4.60.019
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Spotify" = Spotify
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 VAQ final uninstall
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 23/09/2009 10:43:51 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Will\AppData\Local\Temp\RoxWatchTray9.dmp failed, 00000005.

Error - 27/02/2010 17:27:34 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\hccutils.dll failed, 00000005.

Error - 29/03/2010 10:16:12 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 29/03/2010 10:16:12 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 08/04/2010 09:33:00 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\wbem\Repository\MAPPING1.MAP failed, 00000005.

Error - 26/04/2010 17:42:28 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\SoftwareDistribution\Download\fcd007baf1eabfcff5db5eae5e72f04d\BITBD27.tmp
failed, 00000026.

[ Application Events ]
Error - 11/03/2010 05:54:45 | Computer Name = HW3 | Source = SPP | ID = 16387
Description =

Error - 11/03/2010 05:54:45 | Computer Name = HW3 | Source = System Restore | ID = 8193
Description =

Error - 11/03/2010 05:57:03 | Computer Name = HW3 | Source = SPP | ID = 16387
Description =

Error - 11/03/2010 05:57:03 | Computer Name = HW3 | Source = System Restore | ID = 8193
Description =

Error - 11/03/2010 06:23:56 | Computer Name = HW3 | Source = EventSystem | ID = 4621
Description =

Error - 11/03/2010 06:26:23 | Computer Name = HW3 | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2010 06:58:46 | Computer Name = HW3 | Source = SPP | ID = 16387
Description =

Error - 11/03/2010 06:58:46 | Computer Name = HW3 | Source = System Restore | ID = 8193
Description =

Error - 11/03/2010 06:58:46 | Computer Name = HW3 | Source = System Restore | ID = 8210
Description =

Error - 11/03/2010 12:32:12 | Computer Name = HW3 | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 03/06/2009 07:35:03 | Computer Name = HW3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2947
seconds with 2880 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/05/2010 17:21:35 | Computer Name = HW3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.14 for the Network Card with network
address 00225F827029 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 02/05/2010 17:23:06 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 02/05/2010 17:23:06 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 03/05/2010 04:08:04 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 03/05/2010 04:08:04 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 03/05/2010 05:55:33 | Computer Name = HW3 | Source = Service Control Manager | ID = 7030
Description =

Error - 03/05/2010 15:49:16 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 03/05/2010 15:49:16 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 03:31:34 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 03:31:34 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#14 wd21

Posted 04 May 2010 - 09:11 AM

here we go -

C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/Adware.AnchorFree application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\iaStor.sys.vir Win32/Olmarik.VM trojan cleaned - quarantined
C:\Users\Will\AppData\Local\temp\c7xv1vqc.tmp\HSS-1.41-install-webroot-225-conduit.exe a variant of Win32/Adware.AnchorFree application deleted - quarantined
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=13d720cbd415f945b38fe82eade01d44
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-04 11:49:27
# local_time=2010-05-04 12:49:27 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 4304333 4304333 0 0
# compatibility_mode=769 16775165 100 98 1219 209244995 0 0
# compatibility_mode=1024 16777215 100 0 25595613 25595613 0 0
# compatibility_mode=5892 16776573 100 100 1695 110492969 0 0
# compatibility_mode=8192 67108863 100 0 100 100 0 0
# scanned=185349
# found=3
# cleaned=3
# scan_time=13526
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/Adware.AnchorFree application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\iaStor.sys.vir Win32/Olmarik.VM trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Will\AppData\Local\temp\c7xv1vqc.tmp\HSS-1.41-install-webroot-225-conduit.exe a variant of Win32/Adware.AnchorFree application (deleted - quarantined) 00000000000000000000000000000000 C

OTL logfile created on: 04/05/2010 14:29:17 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Will\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 35.59 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 8.30 Gb Free Space | 56.68% Space Free | Partition Type: NTFS
Drive F: | 5.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HW3
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/04 14:28:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
PRC - [2010/04/06 20:44:44 | 000,107,056 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/04/01 01:24:08 | 000,194,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/03/26 20:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/03/04 03:33:50 | 001,795,880 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2009/12/07 12:56:00 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/08/31 12:25:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/08/17 17:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/15 05:13:50 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 19:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/24 04:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/04 06:29:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/04 06:29:10 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/09/04 06:29:10 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 23:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (SafeList) ==========

MOD - [2010/05/04 14:28:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/17 08:07:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/06 20:44:46 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/04/01 01:24:08 | 000,194,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/03/26 20:07:02 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/15 05:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/15 05:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/03/26 20:07:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/03/26 20:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/12/07 12:55:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:55:56 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/25 23:39:53 | 000,217,536 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/08/17 17:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 17:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 17:05:24 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/08/17 17:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 17:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2008/12/22 11:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/17 09:56:50 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/12/15 05:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/09 06:25:14 | 002,473,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/09/04 06:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/03 09:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 09:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/09/02 10:19:22 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/09/01 11:19:40 | 000,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.5
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/18 19:51:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 16:17:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/03 15:31:25 | 000,000,000 | ---D | M]

[2009/05/12 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Extensions
[2010/04/30 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions
[2009/07/11 15:19:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/12 17:41:01 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2009/08/12 07:03:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/13 22:37:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/13 13:20:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/12 17:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/05/19 10:37:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/05/12 17:41:01 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\lazarus@interclue.com
[2009/08/09 22:41:56 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\voa0ebkw.default\extensions\personas@christopher.beard
[2010/05/03 15:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/03 15:31:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/03 15:31:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/27 16:17:21 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/27 16:17:21 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/27 16:17:21 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/27 16:17:21 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Will\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Will\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/04 14:28:06 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/05/04 09:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/03 15:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/03 10:49:58 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010/05/03 10:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010/05/02 16:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/02 14:53:16 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Downloads
[2010/05/02 14:51:23 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\Google
[2010/05/02 09:42:17 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Vysotsky Vladimir - Selected Songs [by saepood.ee]
[2010/04/27 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\RSP
[2010/04/27 08:47:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/27 08:47:19 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\temp
[2010/04/27 08:24:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/27 08:24:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/27 08:24:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/27 08:23:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/27 08:22:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/27 07:48:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/19 16:49:37 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\HP
[2010/04/19 12:47:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/04/19 07:52:28 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Local\HP
[2010/04/18 19:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/04/18 19:52:27 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Yahoo!
[2010/04/18 19:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/18 19:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/04/18 19:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/04/18 19:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/04/18 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Will\{071abbc4-cdf9-47ce-8962-8971cdb8b1ba}
[2010/04/18 19:39:57 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/18 19:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/04/18 19:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/04/17 08:10:14 | 000,000,000 | ---D | C] -- C:\Users\Will\AppData\Roaming\Motive
[2010/04/17 08:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/04/17 08:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/04/17 08:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\BT Business Broadband Desktop Help
[2010/04/17 08:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\BTBusinessHub
[2010/03/30 14:26:28 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Herman's Hermits - Greatest Hits
[2010/03/30 14:16:55 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\The Verve -Discografia-[www.TodoCVCD.com][Johnnygan]
[2010/03/30 13:56:58 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\The Kinks - The Ultimate Collection
[2010/03/30 13:56:15 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\The Smiths Complete collection(10LP's)mp3
[2010/03/29 08:32:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/26 20:07:02 | 000,037,376 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\HssDrv.sys
[2010/03/26 20:07:02 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2010/03/15 14:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/15 14:24:41 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Will\Documents\HijackThisInstaller.exe
[2010/03/12 02:56:19 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Antony & The Johnsons-The Crying Light-2009
[2010/03/12 02:55:42 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Antony and the Johnsons - Discography 2000-2005
[2010/03/11 19:37:03 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Ray_Lamontagne_3_studioalbums_mp3
[2010/03/08 15:23:06 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\clothes
[2010/02/28 20:05:38 | 011,650,440 | ---- | C] (Opera Software ASA ) -- C:\Users\Will\Documents\Opera_1010_in_Setup.exe
[2010/02/28 20:04:29 | 009,306,504 | ---- | C] (Opera Software ASA ) -- C:\Users\Will\Documents\Opera_1010_en_Setup.exe
[2010/02/22 18:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PersSecurityUninstall
[2010/02/14 18:58:37 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Tom Waits - discography
[2010/02/14 18:58:27 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Nick Drake From CDs
[2010/02/14 18:58:22 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Tom Waits discography
[2010/02/14 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\[1994] MTV Unplugged In New York - Nirvana @ 320kbs
[2010/02/14 18:47:07 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Blind Willie Johnson - The Complete Blind Willie Johnson
[2010/02/14 18:25:48 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Lennon Legend - The Very Best Of
[2010/02/14 18:07:28 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\R.E.M.The Best Of Rem (In Time 1988-2003)
[2010/02/14 17:58:58 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\lauryn hill - mtv unplugged no. 2.0
[2010/02/14 17:58:21 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Vic Chesnutt - Silver Lake (2003)
[2010/02/14 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Tracy Chapman - Tracy Chapman
[2010/02/14 15:19:03 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Cat Power - You Are Free (2003) -192k
[2010/02/14 15:11:03 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Cat Power - The Greatest [2006]
[2010/02/14 14:36:07 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Dark Was The Night - Various
[2010/02/14 14:34:32 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Feist - Discography (4 Albums)
[2010/02/14 14:19:27 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Beach Boys - Pet Sounds
[2010/02/14 14:05:45 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Broken Social Scene
[2010/02/14 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Alanis Morissette - MTV Unplugged
[2010/02/14 13:51:19 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Leonard Cohen
[2010/02/14 13:42:02 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Danger Mouse and Sparklehorse - Dark Night of The Soul
[2010/02/14 13:41:26 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Florence And The Machine - Lungs [2009][320kbps]MP3-MT
[2010/02/14 13:34:05 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Quantic & Quantic Soul Orchestra Complete Discography
[2010/02/14 13:31:35 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Animal Collective - Merriweather Post Pavilion [2009]
[2010/02/14 13:30:41 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Jeff_Buckley-Sketches_For_my_Sweetheart_the_Drunk
[2010/02/14 13:30:28 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\The xx
[2010/02/14 11:27:47 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Al Green - The Very Best Of Al Green (2001) KompletlyWyred DHZ Inc Release
[2010/02/14 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Portishead - Third (Advance) - 2008
[2010/02/14 11:26:35 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Massive Attack - Discography
[2010/02/14 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Will\Documents\Bombay Bicycle Club - I Had The Blues But I Shook Them Loose (2009) - Indie
[2010/02/13 07:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/04 14:29:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 14:29:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/04 14:28:29 | 002,621,440 | -HS- | M] () -- C:\Users\Will\NTUSER.DAT
[2010/05/04 14:28:09 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Will\Desktop\OTL.exe
[2010/05/04 09:01:52 | 002,672,312 | ---- | M] () -- C:\Users\Will\Desktop\esetsmartinstaller_enu.exe
[2010/05/04 08:36:52 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/04 08:36:52 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/04 08:36:52 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/04 08:30:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/04 08:29:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/04 08:29:48 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/03 23:19:42 | 000,524,288 | -HS- | M] () -- C:\Users\Will\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/05/03 23:19:42 | 000,065,536 | -HS- | M] () -- C:\Users\Will\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/03 23:19:40 | 002,521,578 | -H-- | M] () -- C:\Users\Will\AppData\Local\IconCache.db
[2010/05/03 11:17:37 | 000,027,503 | ---- | M] () -- C:\Users\Will\AppData\Roaming\UserTile.png
[2010/05/02 16:57:31 | 000,349,347 | ---- | M] () -- C:\Users\Will\Documents\Asylum Myths 2010[1].pdf
[2010/05/02 16:50:29 | 000,019,292 | ---- | M] () -- C:\Users\Will\Documents\wtf.adr
[2010/05/02 16:16:10 | 000,001,854 | ---- | M] () -- C:\Users\Will\Documents\Safari.lnk
[2010/04/30 18:02:00 | 000,001,889 | ---- | M] () -- C:\Users\Will\Documents\Adobe Reader 9.lnk
[2010/04/30 10:43:58 | 000,013,842 | ---- | M] () -- C:\Users\Will\Documents\notes.docx
[2010/04/28 18:35:54 | 000,380,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/27 10:38:37 | 000,012,070 | ---- | M] () -- C:\Users\Will\Documents\bleep twathead.docx
[2010/04/27 08:44:04 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/27 08:23:09 | 003,924,005 | R--- | M] () -- C:\Users\Will\Documents\ComboFix.exe
[2010/04/27 06:55:36 | 000,874,022 | ---- | M] () -- C:\Users\Will\Documents\nah.pptx
[2010/04/27 06:25:52 | 000,023,552 | ---- | M] () -- C:\Users\Will\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/26 09:29:14 | 006,340,338 | ---- | M] () -- C:\Users\Will\Documents\Photo Album2.pptx
[2010/04/26 09:22:39 | 030,916,760 | ---- | M] () -- C:\Users\Will\Documents\Photo Album.pptx
[2010/04/25 23:25:40 | 011,785,567 | ---- | M] () -- C:\Users\Will\Documents\Urban Design Currie Project.pptx
[2010/04/25 22:51:53 | 000,464,491 | ---- | M] () -- C:\Users\Will\Documents\RootRepeal.zip
[2010/04/22 15:26:25 | 000,038,189 | ---- | M] () -- C:\Users\Will\Documents\Solar-Dynamics-Observator-001.jpg
[2010/04/21 09:56:35 | 000,036,085 | ---- | M] () -- C:\Users\Will\Documents\bookshopdisplayb2cropped_small.jpg
[2010/04/21 09:56:12 | 000,027,635 | ---- | M] () -- C:\Users\Will\Documents\3Watermill-Gallery-Feb-07.jpg
[2010/04/21 09:56:04 | 000,028,142 | ---- | M] () -- C:\Users\Will\Documents\2Watermill-Gallery-Feb-07.jpg
[2010/04/21 09:55:55 | 000,023,232 | ---- | M] () -- C:\Users\Will\Documents\1Watermill-Gallery-Feb-07.jpg
[2010/04/21 08:56:51 | 000,112,823 | ---- | M] () -- C:\Users\Will\Documents\Old_watermill_building,_Aberfeldy.jpg
[2010/04/21 08:44:40 | 000,624,978 | ---- | M] () -- C:\Users\Will\Documents\cca.pdf
[2010/04/20 18:12:34 | 000,025,042 | ---- | M] () -- C:\Users\Will\Documents\davidcameron.jpg
[2010/04/19 19:02:17 | 000,038,935 | ---- | M] () -- C:\Users\Will\Documents\files-usb_dotnetwizard.net.rar
[2010/04/19 16:52:29 | 000,192,795 | ---- | M] () -- C:\Windows\hpoins46.dat
[2010/04/19 07:59:15 | 000,000,206 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/04/19 07:52:27 | 000,102,808 | ---- | M] () -- C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/18 20:39:39 | 000,201,857 | ---- | M] () -- C:\Windows\hpoins46.dat.temp
[2010/04/18 20:34:00 | 000,002,114 | ---- | M] () -- C:\Users\Will\Documents\Add a Device - Deskjet F4500 series.lnk
[2010/04/18 19:49:14 | 000,001,028 | ---- | M] () -- C:\Users\Will\Documents\Shop for HP Supplies.lnk
[2010/04/18 19:48:11 | 000,001,178 | ---- | M] () -- C:\Users\Will\Documents\HP Solution Center.lnk
[2010/04/18 19:46:23 | 000,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/04/18 19:44:44 | 000,002,163 | ---- | M] () -- C:\Users\Will\Documents\Windows Live Photo Gallery.lnk
[2010/04/18 19:41:44 | 001,796,632 | ---- | M] () -- C:\Users\Will\Documents\INFCACHE.1
[2010/04/17 08:10:24 | 000,001,310 | ---- | M] () -- C:\Users\Will\Documents\BT Business Broadband Desktop Help.lnk
[2010/04/17 08:07:38 | 000,001,910 | ---- | M] () -- C:\Users\Will\Documents\BT Business Total Broadband.LNK
[2010/04/17 08:07:38 | 000,001,902 | ---- | M] () -- C:\Users\Will\Documents\Broadband Voice Connection.LNK
[2010/04/17 08:07:37 | 000,001,812 | ---- | M] () -- C:\Users\Will\Documents\Hub Manager.LNK
[2010/04/16 19:48:00 | 000,506,399 | ---- | M] () -- C:\Users\Will\Documents\PDFDownload.pdf
[2010/04/14 14:59:47 | 000,012,419 | ---- | M] () -- C:\Users\Will\Documents\It seems too soon.docx
[2010/04/14 12:28:09 | 007,676,016 | ---- | M] () -- C:\Users\Will\Documents\Presentation1.pptx
[2010/04/13 00:06:04 | 000,011,456 | ---- | M] () -- C:\Users\Will\Documents\Urban Design Project.docx
[2010/04/10 19:31:32 | 000,015,937 | ---- | M] () -- C:\Users\Will\Documents\budgeting 2010-11.xlsx
[2010/04/09 09:41:31 | 000,742,400 | ---- | M] () -- C:\Users\Will\Documents\Publication1.pub
[2010/04/08 16:01:50 | 005,838,164 | ---- | M] () -- C:\Users\Will\Documents\meeehh.pptx
[2010/04/07 22:23:41 | 000,238,009 | ---- | M] () -- C:\Users\Will\Documents\Hello Rachael.docx
[2010/04/07 16:00:46 | 000,009,978 | ---- | M] () -- C:\Users\Will\Documents\juice.docx
[2010/04/06 20:40:40 | 000,011,718 | ---- | M] () -- C:\Users\Will\Documents\go on.docx
[2010/04/05 16:50:00 | 000,027,321 | ---- | M] () -- C:\Users\Will\Documents\Findhorn.docx
[2010/03/29 08:36:10 | 001,764,864 | ---- | M] () -- C:\Users\Will\Documents\Universal ecological compensation for green field development.ppt
[2010/03/29 08:35:31 | 000,727,625 | ---- | M] () -- C:\Users\Will\Documents\Universal ecological compensation for green field development.pptx
[2010/03/28 17:31:00 | 000,018,809 | ---- | M] () -- C:\Users\Will\Documents\pe190244.jpg
[2010/03/28 17:29:56 | 000,046,714 | ---- | M] () -- C:\Users\Will\Documents\einstein-stache.jpg
[2010/03/28 17:22:51 | 000,026,307 | ---- | M] () -- C:\Users\Will\Documents\2879tobacco_pipe.jpg
[2010/03/28 17:22:32 | 000,003,367 | ---- | M] () -- C:\Users\Will\Documents\J20455.jpg
[2010/03/28 17:21:51 | 000,027,166 | ---- | M] () -- C:\Users\Will\Documents\magnifying_glass.jpg
[2010/03/28 16:55:08 | 000,080,026 | ---- | M] () -- C:\Users\Will\Documents\UK_Flag_Wavy.jpg
[2010/03/27 22:09:16 | 000,143,265 | ---- | M] () -- C:\Users\Will\Documents\800px-German_Flag_Wavy_svg.png
[2010/03/27 15:32:56 | 000,033,772 | ---- | M] () -- C:\Users\Will\Documents\elmo-tricycle.jpg
[2010/03/27 13:49:03 | 000,029,996 | ---- | M] () -- C:\Users\Will\Documents\hello-kitty-bicycle.jpg
[2010/03/27 13:48:39 | 000,029,996 | ---- | M] () -- C:\Users\Public\Documents\hello-kitty-bicycle.jpg
[2010/03/27 13:29:32 | 000,169,318 | ---- | M] () -- C:\Users\Will\Documents\Jamieson-paper Climate Ethics.pdf
[2010/03/27 13:10:12 | 000,154,550 | ---- | M] () -- C:\Users\Will\Documents\spacetime-frame-dragging.jpg
[2010/03/27 12:47:15 | 000,028,243 | ---- | M] () -- C:\Users\Will\Documents\treeGardenA0000.jpg
[2010/03/27 12:44:14 | 000,727,660 | ---- | M] () -- C:\Users\Will\Documents\image.jpeg
[2010/03/27 12:42:53 | 000,093,774 | ---- | M] () -- C:\Users\Will\Documents\3108money_house.jpg
[2010/03/27 12:38:25 | 000,049,037 | ---- | M] () -- C:\Users\Will\Documents\stick_insect_small.jpg
[2010/03/27 12:37:31 | 000,004,769 | ---- | M] () -- C:\Users\Will\Documents\stick_figure.gif
[2010/03/26 20:07:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\HssDrv.sys
[2010/03/26 20:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) -- C:\Windows\System32\drivers\taphss.sys
[2010/03/26 18:58:58 | 000,047,898 | ---- | M] () -- C:\Users\Will\Documents\hom.jpg
[2010/03/24 23:57:35 | 000,011,695 | ---- | M] () -- C:\Users\Will\Documents\VennDiagram_jesus.gif
[2010/03/24 21:04:04 | 000,000,760 | ---- | M] () -- C:\Users\Will\Documents\Opera.lnk
[2010/03/24 16:25:51 | 000,544,768 | ---- | M] () -- C:\Users\Will\Documents\write_here_application.doc
[2010/03/24 13:43:46 | 000,031,900 | ---- | M] () -- C:\Users\Will\Documents\Gordon-Brown-and-Alistair-003.jpg
[2010/03/22 11:53:46 | 000,493,905 | ---- | M] () -- C:\Users\Will\Documents\fail.png
[2010/03/20 21:03:56 | 000,025,433 | ---- | M] () -- C:\Users\Will\Documents\jay-z.jpg
[2010/03/20 16:12:08 | 000,775,830 | ---- | M] () -- C:\Users\Will\Documents\1269097421043.jpg
[2010/03/20 16:09:30 | 000,031,199 | ---- | M] () -- C:\Users\Will\Documents\1269097372103.gif
[2010/03/19 05:50:05 | 000,097,882 | ---- | M] () -- C:\Users\Will\Documents\1268971692891.jpg
[2010/03/19 05:48:49 | 000,089,684 | ---- | M] () -- C:\Users\Will\Documents\1268973853521.jpg
[2010/03/19 05:48:06 | 000,162,904 | ---- | M] () -- C:\Users\Will\Documents\1268973648788.jpg
[2010/03/19 05:47:58 | 000,140,463 | ---- | M] () -- C:\Users\Will\Documents\1268973600980.jpg
[2010/03/19 05:41:49 | 000,081,232 | ---- | M] () -- C:\Users\Will\Documents\1268971808380.jpg
[2010/03/19 00:20:50 | 000,238,984 | ---- | M] () -- C:\Users\Will\Documents\A typical walk home in Williams head.docx
[2010/03/18 16:04:45 | 000,010,385 | ---- | M] () -- C:\Users\Will\Documents\In another life which is far sadder.docx
[2010/03/17 21:01:11 | 013,572,096 | ---- | M] () -- C:\Users\Will\Documents\Success.ppt
[2010/03/17 14:05:59 | 000,009,131 | ---- | M] () -- C:\Users\Will\Documents\map_climate_clip_image002.jpg
[2010/03/16 18:09:51 | 002,365,967 | ---- | M] () -- C:\Users\Will\Documents\Success.pptx
[2010/03/16 13:44:39 | 000,820,299 | ---- | M] () -- C:\Users\Will\Documents\djd29526v16811.PDF
[2010/03/16 13:12:15 | 010,409,763 | ---- | M] () -- C:\Users\Will\Documents\fivegreatyears.pdf
[2010/03/16 13:03:38 | 000,300,032 | ---- | M] () -- C:\Users\Will\Documents\Liverpool_-_History.doc
[2010/03/16 12:59:46 | 002,089,732 | ---- | M] () -- C:\Users\Will\Documents\Smith_2005_(April_2007).pdf
[2010/03/16 12:49:55 | 000,586,726 | ---- | M] () -- C:\Users\Will\Documents\Est2008a.pdf
[2010/03/16 12:48:19 | 000,097,210 | ---- | M] () -- C:\Users\Will\Documents\bcn001ang.pdf
[2010/03/15 14:25:11 | 000,001,876 | ---- | M] () -- C:\Users\Will\Documents\HijackThis.lnk
[2010/03/15 14:24:41 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Will\Documents\HijackThisInstaller.exe
[2010/03/15 00:29:23 | 000,115,193 | ---- | M] () -- C:\Users\Will\Documents\wp030_eng.pdf
[2010/03/14 22:51:24 | 000,033,479 | ---- | M] () -- C:\Users\Will\Documents\rach.docx
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/12 15:27:16 | 000,074,140 | ---- | M] () -- C:\Users\Will\Documents\LIFE IN ORDER PLEASE.docx
[2010/03/12 15:26:14 | 000,031,733 | ---- | M] () -- C:\Users\Will\Documents\longterm.docx
[2010/03/08 16:13:16 | 000,010,749 | ---- | M] () -- C:\Users\Will\Documents\Hello.docx
[2010/03/05 16:45:59 | 000,186,602 | ---- | M] () -- C:\Users\Will\Documents\Barcelona Presentation.pptx
[2010/03/05 15:54:05 | 000,010,309 | ---- | M] () -- C:\Users\Will\Documents\good day.docx
[2010/03/04 09:25:14 | 000,010,878 | ---- | M] () -- C:\Users\Will\Documents\Definitions (1).docx
[2010/03/03 19:23:22 | 000,015,043 | ---- | M] () -- C:\Users\Will\Documents\PANIC.docx
[2010/03/02 15:39:32 | 000,018,217 | ---- | M] () -- C:\Users\Will\Documents\Invisible Cities by Italo Calvino.docx
[2010/02/28 20:06:05 | 011,650,440 | ---- | M] (Opera Software ASA ) -- C:\Users\Will\Documents\Opera_1010_in_Setup.exe
[2010/02/28 20:04:51 | 009,306,504 | ---- | M] (Opera Software ASA ) -- C:\Users\Will\Documents\Opera_1010_en_Setup.exe
[2010/02/24 15:01:48 | 000,524,288 | -HS- | M] () -- C:\Users\Will\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/23 09:50:50 | 000,017,581 | ---- | M] () -- C:\Users\Will\Documents\Bakhtin essay.docx
[2010/02/22 23:46:33 | 000,017,523 | ---- | M] () -- C:\Users\Will\Documents\sams btl essay.docx
[2010/02/22 19:46:23 | 000,000,162 | -H-- | M] () -- C:\Users\Will\Documents\~$ms btl essay.docx
[2010/02/20 10:58:52 | 001,283,252 | ---- | M] () -- C:\Users\Will\Documents\Application Student Planner William Duncan.docx
[2010/02/20 10:50:18 | 000,915,968 | ---- | M] () -- C:\Users\Will\Documents\erm.doc
[2010/02/16 17:38:15 | 000,485,379 | ---- | M] () -- C:\Users\Will\Documents\s3.pdf
[2010/02/16 16:59:14 | 002,790,262 | ---- | M] () -- C:\Users\Will\Documents\activism_and_barcelona_model.pdf
[2010/02/15 13:45:11 | 000,056,832 | ---- | M] () -- C:\Users\Will\Documents\A pretty poor effort, really.doc
[2010/02/15 13:44:27 | 000,029,266 | ---- | M] () -- C:\Users\Will\Documents\Belt it in late boyo.docx
[2010/02/15 06:16:28 | 000,011,235 | ---- | M] () -- C:\Users\Will\Documents\Preamble.docx
[2010/02/13 06:49:31 | 000,001,744 | ---- | M] () -- C:\Users\Will\Documents\Freenet.lnk
[2010/02/13 06:46:59 | 010,416,786 | ---- | M] () -- C:\Users\Will\Documents\FreenetInstaller-1240.exe
[2010/02/10 16:02:28 | 000,833,566 | ---- | M] () -- C:\Users\Will\Documents\tcm21-156647.pdf
[2010/02/08 10:54:21 | 000,581,632 | ---- | M] () -- C:\Users\Will\Documents\Invisible Cities.ppt
[2010/02/06 23:31:27 | 000,016,341 | ---- | M] () -- C:\Users\Will\Documents\The City and Culture only not bleep.docx
[2010/02/06 19:45:18 | 000,118,003 | ---- | M] () -- C:\Users\Will\Documents\d2103ed.pdf
[2010/02/06 14:26:10 | 000,011,935 | ---- | M] () -- C:\Users\Will\Documents\The City & Culture.docx
[2010/02/05 20:11:30 | 000,079,676 | ---- | M] () -- C:\Users\Will\Documents\1265396919704.jpg
[2010/02/05 20:06:25 | 000,140,510 | ---- | M] () -- C:\Users\Will\Documents\1265396513796.jpg
[2010/02/05 20:05:02 | 000,125,703 | ---- | M] () -- C:\Users\Will\Documents\1265396438564.jpg
[2010/02/05 19:57:31 | 001,291,253 | ---- | M] () -- C:\Users\Will\Documents\Cameron_ Gay refugees from Africa should be given asylum in UK _ Mail Online.mht
[2010/02/05 19:44:57 | 000,305,039 | ---- | M] () -- C:\Users\Will\Documents\_b_ - Random.mht
[2010/02/05 19:32:49 | 000,043,190 | ---- | M] () -- C:\Users\Will\Documents\1265393899297.jpg
[2010/02/03 17:56:18 | 000,048,128 | ---- | M] () -- C:\Users\Will\Documents\Scene 22.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Will\Documents\*.tmp files -> C:\Users\Will\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 09:01:52 | 002,672,312 | ---- | C] () -- C:\Users\Will\Desktop\esetsmartinstaller_enu.exe
[2010/05/02 16:57:31 | 000,349,347 | ---- | C] () -- C:\Users\Will\Documents\Asylum Myths 2010[1].pdf
[2010/05/02 16:50:29 | 000,019,292 | ---- | C] () -- C:\Users\Will\Documents\wtf.adr
[2010/05/02 16:34:22 | 000,027,503 | ---- | C] () -- C:\Users\Will\AppData\Roaming\UserTile.png
[2010/05/02 16:16:10 | 000,001,854 | ---- | C] () -- C:\Users\Will\Documents\Safari.lnk
[2010/04/30 17:43:29 | 000,001,889 | ---- | C] () -- C:\Users\Will\Documents\Adobe Reader 9.lnk
[2010/04/27 09:13:32 | 000,013,842 | ---- | C] () -- C:\Users\Will\Documents\notes.docx
[2010/04/27 08:24:13 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/27 08:24:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/27 08:24:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/27 08:24:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/27 08:24:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/27 06:55:33 | 000,874,022 | ---- | C] () -- C:\Users\Will\Documents\nah.pptx
[2010/04/26 09:28:58 | 006,340,338 | ---- | C] () -- C:\Users\Will\Documents\Photo Album2.pptx
[2010/04/26 09:21:58 | 030,916,760 | ---- | C] () -- C:\Users\Will\Documents\Photo Album.pptx
[2010/04/25 22:52:37 | 003,924,005 | R--- | C] () -- C:\Users\Will\Documents\ComboFix.exe
[2010/04/25 22:51:52 | 000,464,491 | ---- | C] () -- C:\Users\Will\Documents\RootRepeal.zip
[2010/04/24 23:16:17 | 000,012,070 | ---- | C] () -- C:\Users\Will\Documents\bleep twathead.docx
[2010/04/22 15:26:25 | 000,038,189 | ---- | C] () -- C:\Users\Will\Documents\Solar-Dynamics-Observator-001.jpg
[2010/04/21 09:56:35 | 000,036,085 | ---- | C] () -- C:\Users\Will\Documents\bookshopdisplayb2cropped_small.jpg
[2010/04/21 09:56:12 | 000,027,635 | ---- | C] () -- C:\Users\Will\Documents\3Watermill-Gallery-Feb-07.jpg
[2010/04/21 09:56:04 | 000,028,142 | ---- | C] () -- C:\Users\Will\Documents\2Watermill-Gallery-Feb-07.jpg
[2010/04/21 09:55:55 | 000,023,232 | ---- | C] () -- C:\Users\Will\Documents\1Watermill-Gallery-Feb-07.jpg
[2010/04/21 08:56:51 | 000,112,823 | ---- | C] () -- C:\Users\Will\Documents\Old_watermill_building,_Aberfeldy.jpg
[2010/04/21 08:44:40 | 000,624,978 | ---- | C] () -- C:\Users\Will\Documents\cca.pdf
[2010/04/20 18:12:34 | 000,025,042 | ---- | C] () -- C:\Users\Will\Documents\davidcameron.jpg
[2010/04/19 19:02:17 | 000,038,935 | ---- | C] () -- C:\Users\Will\Documents\files-usb_dotnetwizard.net.rar
[2010/04/19 16:51:44 | 000,201,857 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2010/04/19 07:59:15 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/18 20:37:50 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2010/04/18 20:34:00 | 000,002,114 | ---- | C] () -- C:\Users\Will\Documents\Add a Device - Deskjet F4500 series.lnk
[2010/04/18 19:49:14 | 000,001,028 | ---- | C] () -- C:\Users\Will\Documents\Shop for HP Supplies.lnk
[2010/04/18 19:48:11 | 000,001,178 | ---- | C] () -- C:\Users\Will\Documents\HP Solution Center.lnk
[2010/04/18 19:46:23 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/04/18 19:44:44 | 000,002,163 | ---- | C] () -- C:\Users\Will\Documents\Windows Live Photo Gallery.lnk
[2010/04/18 19:34:07 | 000,001,509 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/04/18 19:34:06 | 000,192,795 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010/04/17 08:10:24 | 000,001,310 | ---- | C] () -- C:\Users\Will\Documents\BT Business Broadband Desktop Help.lnk
[2010/04/17 08:07:38 | 000,001,910 | ---- | C] () -- C:\Users\Will\Documents\BT Business Total Broadband.LNK
[2010/04/17 08:07:38 | 000,001,902 | ---- | C] () -- C:\Users\Will\Documents\Broadband Voice Connection.LNK
[2010/04/17 08:07:37 | 000,001,812 | ---- | C] () -- C:\Users\Will\Documents\Hub Manager.LNK
[2010/04/16 19:48:00 | 000,506,399 | ---- | C] () -- C:\Users\Will\Documents\PDFDownload.pdf
[2010/04/12 21:08:23 | 000,012,419 | ---- | C] () -- C:\Users\Will\Documents\It seems too soon.docx
[2010/04/09 20:07:17 | 000,015,937 | ---- | C] () -- C:\Users\Will\Documents\budgeting 2010-11.xlsx
[2010/04/08 23:40:20 | 000,742,400 | ---- | C] () -- C:\Users\Will\Documents\Publication1.pub
[2010/04/08 16:01:47 | 005,838,164 | ---- | C] () -- C:\Users\Will\Documents\meeehh.pptx
[2010/04/07 22:23:00 | 000,238,009 | ---- | C] () -- C:\Users\Will\Documents\Hello Rachael.docx
[2010/04/07 16:00:45 | 000,009,978 | ---- | C] () -- C:\Users\Will\Documents\juice.docx
[2010/04/07 15:45:27 | 000,011,456 | ---- | C] () -- C:\Users\Will\Documents\Urban Design Project.docx
[2010/04/07 14:09:04 | 007,676,016 | ---- | C] () -- C:\Users\Will\Documents\Presentation1.pptx
[2010/04/06 16:25:13 | 000,011,718 | ---- | C] () -- C:\Users\Will\Documents\go on.docx
[2010/03/29 08:36:00 | 001,764,864 | ---- | C] () -- C:\Users\Will\Documents\Universal ecological compensation for green field development.ppt
[2010/03/29 08:35:26 | 000,727,625 | ---- | C] () -- C:\Users\Will\Documents\Universal ecological compensation for green field development.pptx
[2010/03/28 17:31:00 | 000,018,809 | ---- | C] () -- C:\Users\Will\Documents\pe190244.jpg
[2010/03/28 17:29:56 | 000,046,714 | ---- | C] () -- C:\Users\Will\Documents\einstein-stache.jpg
[2010/03/28 17:22:51 | 000,026,307 | ---- | C] () -- C:\Users\Will\Documents\2879tobacco_pipe.jpg
[2010/03/28 17:22:32 | 000,003,367 | ---- | C] () -- C:\Users\Will\Documents\J20455.jpg
[2010/03/28 17:21:51 | 000,027,166 | ---- | C] () -- C:\Users\Will\Documents\magnifying_glass.jpg
[2010/03/28 16:55:08 | 000,080,026 | ---- | C] () -- C:\Users\Will\Documents\UK_Flag_Wavy.jpg
[2010/03/27 22:09:16 | 000,143,265 | ---- | C] () -- C:\Users\Will\Documents\800px-German_Flag_Wavy_svg.png
[2010/03/27 15:32:56 | 000,033,772 | ---- | C] () -- C:\Users\Will\Documents\elmo-tricycle.jpg
[2010/03/27 13:48:00 | 000,029,996 | ---- | C] () -- C:\Users\Will\Documents\hello-kitty-bicycle.jpg
[2010/03/27 13:47:18 | 000,029,996 | ---- | C] () -- C:\Users\Public\Documents\hello-kitty-bicycle.jpg
[2010/03/27 13:27:32 | 000,169,318 | ---- | C] () -- C:\Users\Will\Documents\Jamieson-paper Climate Ethics.pdf
[2010/03/27 13:10:12 | 000,154,550 | ---- | C] () -- C:\Users\Will\Documents\spacetime-frame-dragging.jpg
[2010/03/27 12:47:15 | 000,028,243 | ---- | C] () -- C:\Users\Will\Documents\treeGardenA0000.jpg
[2010/03/27 12:44:14 | 000,727,660 | ---- | C] () -- C:\Users\Will\Documents\image.jpeg
[2010/03/27 12:42:53 | 000,093,774 | ---- | C] () -- C:\Users\Will\Documents\3108money_house.jpg
[2010/03/27 12:38:25 | 000,049,037 | ---- | C] () -- C:\Users\Will\Documents\stick_insect_small.jpg
[2010/03/27 12:37:31 | 000,004,769 | ---- | C] () -- C:\Users\Will\Documents\stick_figure.gif
[2010/03/26 18:58:58 | 000,047,898 | ---- | C] () -- C:\Users\Will\Documents\hom.jpg
[2010/03/24 23:57:34 | 000,011,695 | ---- | C] () -- C:\Users\Will\Documents\VennDiagram_jesus.gif
[2010/03/24 16:25:50 | 000,544,768 | ---- | C] () -- C:\Users\Will\Documents\write_here_application.doc
[2010/03/24 13:43:46 | 000,031,900 | ---- | C] () -- C:\Users\Will\Documents\Gordon-Brown-and-Alistair-003.jpg
[2010/03/22 11:53:45 | 000,493,905 | ---- | C] () -- C:\Users\Will\Documents\fail.png
[2010/03/20 21:03:32 | 000,025,433 | ---- | C] () -- C:\Users\Will\Documents\jay-z.jpg
[2010/03/20 16:12:08 | 000,775,830 | ---- | C] () -- C:\Users\Will\Documents\1269097421043.jpg
[2010/03/20 16:09:30 | 000,031,199 | ---- | C] () -- C:\Users\Will\Documents\1269097372103.gif
[2010/03/19 05:50:05 | 000,097,882 | ---- | C] () -- C:\Users\Will\Documents\1268971692891.jpg
[2010/03/19 05:48:49 | 000,089,684 | ---- | C] () -- C:\Users\Will\Documents\1268973853521.jpg
[2010/03/19 05:48:06 | 000,162,904 | ---- | C] () -- C:\Users\Will\Documents\1268973648788.jpg
[2010/03/19 05:47:58 | 000,140,463 | ---- | C] () -- C:\Users\Will\Documents\1268973600980.jpg
[2010/03/19 05:41:49 | 000,081,232 | ---- | C] () -- C:\Users\Will\Documents\1268971808380.jpg
[2010/03/19 00:20:49 | 000,238,984 | ---- | C] () -- C:\Users\Will\Documents\A typical walk home in Williams head.docx
[2010/03/18 16:04:43 | 000,010,385 | ---- | C] () -- C:\Users\Will\Documents\In another life which is far sadder.docx
[2010/03/17 14:05:59 | 000,009,131 | ---- | C] () -- C:\Users\Will\Documents\map_climate_clip_image002.jpg
[2010/03/16 18:10:05 | 013,572,096 | ---- | C] () -- C:\Users\Will\Documents\Success.ppt
[2010/03/16 13:44:39 | 000,820,299 | ---- | C] () -- C:\Users\Will\Documents\djd29526v16811.PDF
[2010/03/16 13:12:15 | 010,409,763 | ---- | C] () -- C:\Users\Will\Documents\fivegreatyears.pdf
[2010/03/16 13:03:37 | 000,300,032 | ---- | C] () -- C:\Users\Will\Documents\Liverpool_-_History.doc
[2010/03/16 12:59:46 | 002,089,732 | ---- | C] () -- C:\Users\Will\Documents\Smith_2005_(April_2007).pdf
[2010/03/16 12:49:55 | 000,586,726 | ---- | C] () -- C:\Users\Will\Documents\Est2008a.pdf
[2010/03/16 12:48:19 | 000,097,210 | ---- | C] () -- C:\Users\Will\Documents\bcn001ang.pdf
[2010/03/15 17:28:13 | 002,365,967 | ---- | C] () -- C:\Users\Will\Documents\Success.pptx
[2010/03/15 14:25:11 | 000,001,876 | ---- | C] () -- C:\Users\Will\Documents\HijackThis.lnk
[2010/03/15 00:29:23 | 000,115,193 | ---- | C] () -- C:\Users\Will\Documents\wp030_eng.pdf
[2010/03/14 22:51:22 | 000,033,479 | ---- | C] () -- C:\Users\Will\Documents\rach.docx
[2010/03/13 20:57:36 | 000,027,321 | ---- | C] () -- C:\Users\Will\Documents\Findhorn.docx
[2010/03/12 15:26:12 | 000,031,733 | ---- | C] () -- C:\Users\Will\Documents\longterm.docx
[2010/03/11 18:34:39 | 000,074,140 | ---- | C] () -- C:\Users\Will\Documents\LIFE IN ORDER PLEASE.docx
[2010/03/08 16:12:50 | 000,010,749 | ---- | C] () -- C:\Users\Will\Documents\Hello.docx
[2010/03/05 15:55:34 | 000,186,602 | ---- | C] () -- C:\Users\Will\Documents\Barcelona Presentation.pptx
[2010/03/05 15:55:13 | 011,785,567 | ---- | C] () -- C:\Users\Will\Documents\Urban Design Currie Project.pptx
[2010/03/05 15:54:04 | 000,010,309 | ---- | C] () -- C:\Users\Will\Documents\good day.docx
[2010/03/04 09:25:12 | 000,010,878 | ---- | C] () -- C:\Users\Will\Documents\Definitions (1).docx
[2010/03/03 12:02:21 | 000,015,043 | ---- | C] () -- C:\Users\Will\Documents\PANIC.docx
[2010/03/01 18:36:04 | 000,018,217 | ---- | C] () -- C:\Users\Will\Documents\Invisible Cities by Italo Calvino.docx
[2010/02/28 20:10:08 | 000,000,760 | ---- | C] () -- C:\Users\Will\Documents\Opera.lnk
[2010/02/23 09:21:22 | 000,017,581 | ---- | C] () -- C:\Users\Will\Documents\Bakhtin essay.docx
[2010/02/22 19:46:23 | 000,000,162 | -H-- | C] () -- C:\Users\Will\Documents\~$ms btl essay.docx
[2010/02/22 19:46:22 | 000,017,523 | ---- | C] () -- C:\Users\Will\Documents\sams btl essay.docx
[2010/02/20 10:57:43 | 001,283,252 | ---- | C] () -- C:\Users\Will\Documents\Application Student Planner William Duncan.docx
[2010/02/16 17:38:15 | 000,485,379 | ---- | C] () -- C:\Users\Will\Documents\s3.pdf
[2010/02/16 16:59:14 | 002,790,262 | ---- | C] () -- C:\Users\Will\Documents\activism_and_barcelona_model.pdf
[2010/02/15 13:45:10 | 000,056,832 | ---- | C] () -- C:\Users\Will\Documents\A pretty poor effort, really.doc
[2010/02/15 06:16:27 | 000,011,235 | ---- | C] () -- C:\Users\Will\Documents\Preamble.docx
[2010/02/13 06:49:31 | 000,001,744 | ---- | C] () -- C:\Users\Will\Documents\Freenet.lnk
[2010/02/13 06:46:35 | 010,416,786 | ---- | C] () -- C:\Users\Will\Documents\FreenetInstaller-1240.exe
[2010/02/12 14:12:57 | 000,029,266 | ---- | C] () -- C:\Users\Will\Documents\Belt it in late boyo.docx
[2010/02/10 16:02:28 | 000,833,566 | ---- | C] () -- C:\Users\Will\Documents\tcm21-156647.pdf
[2010/02/06 19:45:18 | 000,118,003 | ---- | C] () -- C:\Users\Will\Documents\d2103ed.pdf
[2010/02/06 14:29:40 | 000,016,341 | ---- | C] () -- C:\Users\Will\Documents\The City and Culture only not bleep.docx
[2010/02/06 13:31:36 | 000,011,935 | ---- | C] () -- C:\Users\Will\Documents\The City & Culture.docx
[2010/02/05 20:11:30 | 000,079,676 | ---- | C] () -- C:\Users\Will\Documents\1265396919704.jpg
[2010/02/05 20:06:25 | 000,140,510 | ---- | C] () -- C:\Users\Will\Documents\1265396513796.jpg
[2010/02/05 20:05:02 | 000,125,703 | ---- | C] () -- C:\Users\Will\Documents\1265396438564.jpg
[2010/02/05 19:57:31 | 001,291,253 | ---- | C] () -- C:\Users\Will\Documents\Cameron_ Gay refugees from Africa should be given asylum in UK _ Mail Online.mht
[2010/02/05 19:44:57 | 000,305,039 | ---- | C] () -- C:\Users\Will\Documents\_b_ - Random.mht
[2010/02/05 19:32:49 | 000,043,190 | ---- | C] () -- C:\Users\Will\Documents\1265393899297.jpg
[2010/02/03 15:32:43 | 000,048,128 | ---- | C] () -- C:\Users\Will\Documents\Scene 22.doc
[2009/10/06 18:53:54 | 000,114,688 | ---- | C] () -- C:\Windows\System32\OdiOlDVR.dll
[2009/10/06 18:53:54 | 000,053,248 | ---- | C] () -- C:\Windows\System32\OdiAPI.dll
[2009/09/14 09:34:28 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/08/05 12:05:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 05:55:51 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/13 05:55:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/09 17:37:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/04/09 14:59:43 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/09 14:59:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/07/13 06:56:57 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/05/14 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/13 09:45:47 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\fhnetwork.com
[2009/08/14 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Opera
[2009/09/12 07:18:50 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Research In Motion
[2009/10/30 16:42:37 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Sports Interactive
[2009/08/25 22:57:04 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Spotify
[2009/05/12 09:33:13 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\Template
[2009/08/25 23:42:53 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\TrueCrypt
[2010/05/02 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Will\AppData\Roaming\uTorrent
[2010/05/03 23:19:45 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/09 17:09:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2008/05/07 23:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\storage\R197861\IaStor.sys
[2008/05/07 23:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys
[2008/05/07 23:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/12/22 11:32:38 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/05/04 08:29:48 | 3181,760,512 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/05/04 08:29:47 | 3495,567,360 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
< End of report >


OTL Extras logfile created on: 04/05/2010 14:29:17 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Will\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 35.59 Gb Free Space | 26.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 14.65 Gb Total Space | 8.30 Gb Free Space | 56.68% Space Free | Partition Type: NTFS
Drive F: | 5.77 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HW3
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 
"FirewallDisableNotify" = 0
"FirewallOverride" = 
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11B0B043-3B05-422E-8F9E-89A28C5B95C3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{177CD04A-A7F8-4D68-BB28-281C7E631016}" = rport=139 | protocol=6 | dir=out | app=system |
"{1B391735-23C5-4BA7-853E-10DEC6C31D98}" = rport=138 | protocol=17 | dir=out | app=system |
"{33D9205F-E264-4984-AAB4-57AEC9EEBEB3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3A9D9E50-0DCF-4049-9827-A07D2FC041DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B41D55A-E86C-4F39-9A87-FDFBB1CAECD3}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A67EA8C-ED0B-4AC5-B21E-E46B1DC4F450}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E5232D6-33C8-47E5-81A4-740F7306DB18}" = lport=138 | protocol=17 | dir=in | app=system |
"{5119D37B-6BF2-4E67-B673-BAF27720A7DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5215D12A-9A86-4CC5-9850-A947EBFA3CD8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{652CD377-CD0D-4F3C-80FB-4DA2483AC7D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{69EC4BBA-0A99-4B76-BDD0-5551C6A0E86E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9E20EF06-D04B-42FB-AA0B-0C59323FF601}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A42EF736-4620-4FD9-A08C-517E2068F439}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{AA683C09-4948-4A64-9343-71DA2CCC6CBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEB7AC89-B26E-4DBB-B54A-1C93F0018418}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C6B6A7E7-47C1-4F91-ABAC-19EB98AB5592}" = lport=445 | protocol=6 | dir=in | app=system |
"{D1DE5A77-FA33-40CE-A8DA-147F87642453}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9307E87-5A27-4CC5-A3EB-6A326C20BB46}" = rport=445 | protocol=6 | dir=out | app=system |
"{EAE4ECF7-544B-4C33-AEF7-C78CDD4AD604}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EB6389E6-36CA-4E61-93DB-D5842F10BCD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{F9404485-8F80-4FF1-8BDC-F577857C1738}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0587F139-8FA8-466C-8C85-AF4346930C5A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10844E26-6C48-4A3B-8C84-82D9092CD1D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{14118FFF-7A92-4C37-A441-82D7D5AC52E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1A474826-6825-44A0-9C03-C1343DF238AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{1E2B7ED3-DD81-4F90-A9FB-F665FE8D12B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{245461A3-A898-409E-8CE0-D93497A17C67}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2DA32D34-641E-49E3-9F82-CFA7F3068C8B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{3DA0865C-5D11-486D-BBA1-E5AD0C8F2356}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{51411B08-04D5-4734-AF19-9DACBA83C4EB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5C3DB1D0-14C8-4B7B-96D8-CC88CE033F55}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{653E7AFA-450E-4169-8C2C-914FEB0DC911}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{728B507A-88E9-4989-A902-00F672412446}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{76303A2E-D04E-4D13-A251-686791C22191}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{7819238C-10FC-4BDA-ABBE-3BC9A9E1FC0B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{7AE8EF5F-B257-4722-A970-19167D9647D7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{7B7EF82D-3B5B-4132-8DAA-21A94AB9AA8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E32C42C-7E66-4711-AF87-D0890D9E4AE3}" = dir=in | app=f:\setup\hpznui01.exe |
"{83875CAE-B60A-429A-9B26-4F56DD04CA85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{87D8322F-8D47-4A52-90F6-BC5C8A188E9A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8CB0F879-B18D-4FCF-96D5-A6D27AC7AEB5}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{9A9E65FD-7ACA-4F6D-8E77-D9272B487457}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{9B24E114-727B-4B68-9F6D-4C5A519E05A8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9F814D1C-C8E8-484B-813D-2B7D566C41B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A75CB1FF-B90E-41F3-A06A-681E72B84163}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A9AD30E8-F049-49AA-BDD9-CC1CA57F74C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{AF95DEEE-78ED-4820-9FDF-9407221BE277}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BF74AAC5-DE57-486B-80B5-971DB37FBC26}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C3F6C2E4-2C89-45E6-BCF7-55F97F8EFC6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8FC9FF5-1841-4554-A9C9-2A52D72BE0FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DA3B47A5-F0F0-4025-A23D-CC25710A78F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E35D51A8-FBDD-4829-8E7F-BFA2A64D8909}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{E5B5035B-2AC3-4045-B350-4F610BE535FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED5B57C9-39CA-4FC0-B208-1F6E934676BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE6C9262-99B0-4F50-A6EA-AE82DA0A8154}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FF75C061-F046-4093-B1C9-48064687E77B}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{FF91E04C-13F4-4D5F-8902-175A0B1D0C0B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{07CB0BAB-440C-40B6-A75F-34FA80922BEC}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1023A00B-8AEA-44A2-9A88-FB9A8BD5D34F}C:\program files\opera 10 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10 beta\opera.exe |
"TCP Query User{800ECA58-BB69-41F5-B9D2-F5F878AEDE6E}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{93B2DABA-65F8-481A-A8CE-51EE4F73BB02}C:\program files\opera 10 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10 beta\opera.exe |
"TCP Query User{AB781E29-81CF-4079-ADB2-58AEC00256B8}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{CDEB34D6-7968-497A-8981-E924FD20B17F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D1E519DD-84E1-4971-8208-5B74AFC2EDC9}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{2CB1210A-BCD6-4F91-BAC0-5EEBC8E30AC4}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{717CF85A-BD0F-4E2D-98F7-213D70E7A139}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{8B69FB8F-ECF6-4404-B147-7D1879F66166}C:\program files\opera 10 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10 beta\opera.exe |
"UDP Query User{B0FF7A70-4675-45B8-99D2-F2DB79992CB7}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{D03DCE5E-58D4-4101-9D4B-4BEFFAFE4EEF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E2E85B08-3B0C-41AE-9EE7-C7CEE28311D9}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{F6A0C65A-F03B-4056-BE5D-AA638CB709BE}C:\program files\opera 10 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10 beta\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EA0E0DD-4203-C20C-2740-582DFBF1CC59}" = BBC iPlayer Desktop
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1" = Smart Diary Suite 4
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast!" = avast! Antivirus
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"BT Business Broadband Desktop Help" = BT Business Broadband Desktop Help
"BTBusinessHub" = BTBusinessHub
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"Football Manager 2009" = Football Manager 2009
"Football Manager 2010" = Football Manager 2010
"GoToAssist" = GoToAssist Corporate
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.41
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Quick Zip_is1" = Quick Zip 4.60.019
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"Spotify" = Spotify
"TrueCrypt" = TrueCrypt
"ULTIMATER" = Microsoft Office Ultimate 2007
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 VAQ final uninstall
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 23/09/2009 10:43:51 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Will\AppData\Local\Temp\RoxWatchTray9.dmp failed, 00000005.

Error - 27/02/2010 17:27:34 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\hccutils.dll failed, 00000005.

Error - 29/03/2010 10:16:12 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_NewFile Error 112.

Error - 29/03/2010 10:16:12 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestAddFile Error 112.

Error - 08/04/2010 09:33:00 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\wbem\Repository\MAPPING1.MAP failed, 00000005.

Error - 26/04/2010 17:42:28 | Computer Name = HW3 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\SoftwareDistribution\Download\fcd007baf1eabfcff5db5eae5e72f04d\BITBD27.tmp
failed, 00000026.

[ Application Events ]
Error - 11/03/2010 05:54:45 | Computer Name = HW3 | Source = SPP | ID = 16387
Description =

Error - 11/03/2010 05:54:45 | Computer Name = HW3 | Source = System Restore | ID = 8193
Description =

Error - 11/03/2010 05:57:03 | Computer Name = HW3 | Source = SPP | ID = 16387
Description =

Error - 11/03/2010 05:57:03 | Computer Name = HW3 | Source = System Restore | ID = 8193
Description =

Error - 11/03/2010 06:23:56 | Computer Name = HW3 | Source = EventSystem | ID = 4621
Description =

Error - 11/03/2010 06:26:23 | Computer Name = HW3 | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2010 06:58:46 | Computer Name = HW3 | Source = SPP | ID = 16387
Description =

Error - 11/03/2010 06:58:46 | Computer Name = HW3 | Source = System Restore | ID = 8193
Description =

Error - 11/03/2010 06:58:46 | Computer Name = HW3 | Source = System Restore | ID = 8210
Description =

Error - 11/03/2010 12:32:12 | Computer Name = HW3 | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 03/06/2009 07:35:03 | Computer Name = HW3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2947
seconds with 2880 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/05/2010 17:21:35 | Computer Name = HW3 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.14 for the Network Card with network
address 00225F827029 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 02/05/2010 17:23:06 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 02/05/2010 17:23:06 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 03/05/2010 04:08:04 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 03/05/2010 04:08:04 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 03/05/2010 05:55:33 | Computer Name = HW3 | Source = Service Control Manager | ID = 7030
Description =

Error - 03/05/2010 15:49:16 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 03/05/2010 15:49:16 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 03:31:34 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/05/2010 03:31:34 | Computer Name = HW3 | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
Posted 04 May 2010 - 01:09 PM

Hi,

How is it running?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



